Re: Using buildds only (was: Results of the meeting...)

Quoting Hamish Moffatt <hamish@debian.org>:
> There is the possibility that developer builds get extra features
> enabled due to other installed libraries etc. This could be checked for
> by analysing the packages files for different architectures or similar.

This is a really nice idea: A DD with a strange sense of humour
could "enable an extra feature" in their binary package, that is
not in the source code - at least not in the uploaded source.
Could be a virus, a Trojan horse, a root kit, a time-bomb.  As
>= 95% of our users have i386, it's easy to generate nice damage.

Security-wise, binary uploads are no go.

Cheers, WB
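
The check suggested in the quoted text (analysing the Packages files for different architectures), sketched as an added example that is not part of the original thread. It assumes that an extra feature picked up from a locally installed library shows up as an extra `Depends` entry on one architecture; the stanzas are constructed sample data and the function names are hypothetical.

```python
import re

# Constructed sample stanzas in Packages-file layout (not real archive data).
I386 = """\
Package: foo
Version: 1.0-1
Depends: libc6 (>= 2.2.4), libfoo1, libssl0.9.6

Package: bar
Version: 2.1-3
Depends: libc6 (>= 2.2.4) | libc6.1
"""
POWERPC = """\
Package: foo
Version: 1.0-1
Depends: libc6 (>= 2.2.4),
 libfoo1

Package: bar
Version: 2.1-3
Depends: libc6 (>= 2.2.5) | libc6.1
"""

def parse_packages(text):
    """Return {package name: {field: value}} for each stanza."""
    pkgs = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and key:   # folded continuation line
                fields[key] += " " + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if "Package" in fields:
            pkgs[fields["Package"]] = fields
    return pkgs

def dep_names(fields):
    """Names in Depends, with version constraints and alternatives flattened."""
    deps = re.split(r"[,|]", fields.get("Depends", ""))
    return {re.sub(r"[(\[].*", "", d).strip() for d in deps} - {""}

def compare(a, b):
    """Same package and version on both sides: {name: (only_in_a, only_in_b)}."""
    diff = {}
    for name in sorted(a.keys() & b.keys()):
        if a[name].get("Version") != b[name].get("Version"):
            continue  # builds of different source versions are not comparable
        da, db = dep_names(a[name]), dep_names(b[name])
        if da != db:
            diff[name] = (sorted(da - db), sorted(db - da))
    return diff
```

A reported difference is only a lead for review, since dependencies can legitimately differ between architectures, and the comparison says nothing about code added to a binary without a new dependency.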