
Re: Building packages with exact binary matches



On Mon, Sep 24, 2007 at 06:20:40PM -0500, Manoj Srivastava wrote:
> On Tue, 25 Sep 2007 00:04:15 +0200, Martin Uecker <muecker@gmx.de> said: 
>
> > It would be enough when just a few people are actually recompiling the
> > binaries and comparing them to the official Debian packages. Then
> > *everybody* could trust that the packages are not modified, because any
> > modification would be detected immediately. This is only possible with
> > bit-identical binaries.
> 
>         Err, what? Why would everyone do that? I mean, you do not trust
>  the Debian distribution system, the archive gpg signatures, the md5sums
>  on the package, etc, and yet you are willing to accept mails from
>  other people that things are OK?

No. I would trust the binaries if there are *no mails* from 
other people that things are *not ok*. Because everybody can
check that the binaries are not compromised, you can actually
be quite sure that things are ok, as long as nobody complains.
And if doubts come up, I can check myself. This is actually the
same principle on which science is built: falsifiability.

Compare this to the current system: The trustworthiness of *all*
DDs which maintain packages which are installed on my systems, the
security of *all* computers those DDs store their keys on, the
security of the build host, the gpg signatures and the md5sums
are actually a chain of trust where the weakest link determines
the total security.
 
Martin


