Re: Building packages with exact binary matches
On Fri, Sep 28, 2007 at 09:05:59AM -0700, Don Armstrong wrote:
> On Fri, 28 Sep 2007, Martin Uecker wrote:
> > You are seriously stating that it is as easy to hide a trojan in the
> > source code as in the binary?
> Consider the fact that we've already had such a case, whereas we've
> not (to my knowledge) distributed a trojaned binary. I'm not sure
> which is easier to hide, but it seems that making a source trojan is
> at least more frequent if not easier to create.

I would not call this a trojan. But I guess I have to change
my opinion anyway. Manoj is right: Trojaned upstream sources
are a major security risk, against which exact binary matches
do not help. But I still think they would still eliminate a lot
of other risks, which should IMHO not be ignored.

There is some other thing I do not like about the way Debian
packages work. Every package I install can actually completely
compromise my system, because the maintainer scripts are run
as root. It would be nice if normal packages would not be allowed
to have maintainer scripts and would only be allowed to install
binaries in certain paths.