[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: *seconded* Re: Bits (Nybbles?) from the Vancouver release team meeting

Hi, Ola Lundqvist wrote:

> Hello
> On Wed, Mar 16, 2005 at 03:27:27PM +0100, Matthias Urlichs wrote:
>> Hi, Rob Taylor wrote:
>> > Do you think it might be better have a trusted builder keyring, with
>> > strict rules on what makes a trusted builder (it seems rather a
>> > different set of issues to that addressed by the DD criterion)?
>> That makes sense -- but only if Debian switches to source-only uploads.
> Why is source-only uploads needed for this?
I didn't say it was needed, I said it doesn't make sense.

Either anybody can build and upload anything -- then strict rules
and checks are overkill.

Or packages are built by firewalled trusted build systems. That doesn't
make sense to do that only when we feel like it -- if we have to have
"build machines need to be secure systems" rules, these should be applied
to every package, with the possible exclusion of "real" binNMUs.

At the moment we basically trust every DD not to have a compromised
machine (or, horrors, a malicious DD) -- worse, we ignore the possibility
of binary Trojans, which aren't evident from source code and thus much
harder to track down if something happens. I think that, long-term, this
might be a bit too risky.

Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de

Reply to: