On Tue, Sep 25, 2007 at 12:04:15AM +0200, Martin Uecker wrote:
> Manoj Srivastava <srivasta@debian.org> wrote:
> > Actually, if you do not trust the path down which a binary
> > package flows, you can not use any information down that flow path to
> > test your implementation. You need to do a full source audit, and
> > build from source -- at which point, you might just install your trusted
> > binary, instead of trying to verify that the upstream package is the
> > same as yours.
>
> It would be enough when just a few people are actually recompiling the
> binaries and compare it to the official debian packages. Then
> *everybody* could trust that the packages are not modified,
> because any modification would be detected immediately. This is
> only possible with bit-identical binaries.

Erm, if I can't trust the Debian Project to create trustworthy packages
and verify their integrity, why should I trust anyone else to verify
them? And why should anyone trust anyone else? A security system like
this would only make sense if everyone did it, and if you're going to
recompile every single package to make sure it's trustworthy, then you
may as well be using FreeBSD, Gentoo, or similar...

You're also assuming that the source code is trustworthy. If the binary
packages can be compromised, so can the source packages.

-- 
Benjamin A'Lee <bma@subvert.org.uk>
http://subvert.org.uk/~bma/