Re: Building packages with exact binary matches
On Mon, Sep 24, 2007 at 06:20:40PM -0500, Manoj Srivastava wrote:
> On Tue, 25 Sep 2007 00:04:15 +0200, Martin Uecker <firstname.lastname@example.org> said:
> > It would be enough when just a few people are actually recompiling the
> > binaries and comparing them to the official Debian packages. Then
> > *everybody* could trust that the packages are not modified, because any
> > modification would be detected immediately. This is only possible with
> > bit-identical binaries.
> Err, what? Why would everyone do that? I mean, you do not trust
> the Debian distribution system, the archive gpg signatures, the md5sums
> on the package, etc., and yet you are willing to accept mails from
> other people that things are OK?
No. I would trust the binaries if there are *no mails* from
other people that things are *not ok*. Because everybody can
check that the binaries are not compromised, you can actually
be quite sure that things are ok, as long as nobody complains.
And if doubts come up, I can check myself. This is actually the
same principle on which science is built: falsifiability.

Compare this to the current system: The trustworthiness of *all*
DDs which maintain packages which are installed on my systems, the
security of *all* computers those DDs store their keys on, the
security of the build host, the gpg signatures and the md5sums
are actually a chain of trust where the weakest link determines
the total security.
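
An added example, not part of the original message: a sketch of the rebuild-and-compare check discussed above, which hashes an official `.deb` against a local rebuild and, on mismatch, reports whether a member's content changed or only the timestamp in its ar header did. The function names and the sample archives are constructed for illustration (placeholder bytes, not real packages).

```python
import hashlib

AR_MAGIC = b"!<arch>\n"  # a .deb is an ar archive

def ar_members(blob):
    """Parse ar archive bytes into a list of (name, mtime, data)."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = [], len(AR_MAGIC)
    while pos < len(blob):
        raw = blob[pos:pos + 60]
        if len(raw) != 60 or raw[58:] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        hdr = raw.decode("ascii")
        name, mtime, size = hdr[:16].rstrip(" /"), int(hdr[16:28]), int(hdr[48:58])
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member " + name)
        members.append((name, mtime, data))
        pos += 60 + size + (size & 1)  # member data is padded to an even offset
    return members

def compare(official, rebuilt):
    """Return ('identical', []) or ('differs', [what differs])."""
    if hashlib.sha256(official).digest() == hashlib.sha256(rebuilt).digest():
        return "identical", []
    a, b = ar_members(official), ar_members(rebuilt)
    if [m[0] for m in a] != [m[0] for m in b]:
        return "differs", ["member list differs"]
    why = []
    for (name, t1, d1), (_, t2, d2) in zip(a, b):
        if d1 != d2:
            why.append(name + ": content differs")
        elif t1 != t2:
            why.append(name + ": only ar timestamp differs")
    return "differs", why or ["other ar header fields differ"]

def make_ar(mtime, payload):
    """Build a constructed sample archive (placeholder bytes, not real tarballs)."""
    out = AR_MAGIC
    for name, data in (("debian-binary", b"2.0\n"),
                       ("control.tar.gz", b"constructed control"),
                       ("data.tar.gz", payload)):
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, mtime, 0, 0, "100644", len(data))
        out += hdr.encode("ascii") + data + b"\n" * (len(data) & 1)
    return out

OFFICIAL = make_ar(1190000000, b"constructed payload")
REBUILT_LATER = make_ar(1190003600, b"constructed payload")  # same content, later build
TAMPERED = make_ar(1190000000, b"constructed PAYLOAD")       # one member altered
```

The `REBUILT_LATER` case shows why the comparison needs builds that are bit-identical: identical member contents still produce a different package hash once an embedded build timestamp differs.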