
Re: Unofficial buildd network has been shut down



On 02 Sep 2004 22:35:21 -0700, Thomas Bushnell BSG <tb@becket.net> said: 

> Colin Watson <cjwatson@debian.org> writes:
>> On Thu, Sep 02, 2004 at 09:51:52AM -0700, Thomas Bushnell BSG wrote:
>> > But that's neither here nor there; the Thompson point is that
>> > your tool can be corrupted too. :)
>> 
>> While Thompson's point is valid as far as it goes, going to this
>> extent really seems to be in the realm of science fiction. If
>> you're being attacked by the Blight [1], you lose ...

> I think Thompson's point is that any known automated system of
> checking is easily defeated.

	Easily? I think not. And a pursuit of perfect security is
 amateurish; there is no such thing.  Don't make perfect the enemy of
 the good; it is extremely desirable to layer defenses, and even if
 each layer is penetrable alone, the system as a whole may make the
 return on effort not worthwhile for the attacker (and may set the bar
 too high for less competent attackers).

	In any case, doing automated checking like this reduced the
 window of vulnerability; the Thompson attack, for example, would have
 to have been injected into gcc over a decade ago; and the window for
 that attack is closed.

	manoj
-- 
Q: What's the difference between a Mac and an Etch-a-Sketch? A: You
don't have to shake the Mac to clear the screen.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


