Re: Bits (Nybbles?) from the Vancouver release team meeting
On Mon, Mar 14, 2005 at 08:07:03PM +0100, Wouter Verhelst wrote:
> On Mon, 14-03-2005 at 19:15 +0100, Sven Luther wrote:
> > so the buildd admins really examine all the packages for deviations that a
> > compromised buildd could have incorporated before signing them? Or that they
> > scan the machine for a compromise and always detect them before signing?
> Not really.
> As you know, nothing gets uploaded to the archive without it having a
> gpg signature by a key in the Debian gpg keyring. That goes for
> autobuilt packages, too.
> Also, I never sign stuff unless it gets through my filters and into the
> right Maildir (and one of the things my filters check is the 'From'
> address), so only the correct host will be able to upload.
> Apart from that, I regularly log in to my buildd hosts, and check up on
> them. If the host were compromised, I'd notice -- just as much as I'd
> notice if anyone would compromise my firewall.
But you would notice all this just the same if the signing were automated,
wouldn't you? None of the procedures above would allow you to discover a package
built on a compromised buildd in a better way than if it was auto-signed.