
buildds: "Authentication warning overridden."

Hi all,

It's not uncommon to see buildds (actually build tools) override the
package/Release signature warning.
So I was wondering, what is the point of having such a signature
verification system if the build systems do not care about them?

I know the main target is to prevent end users from downloading
compromised/not-legitimate packages. But, I'm thinking about a possible
package compromise and buildds using such affected packages and leaving
the possibility to have the built packages also compromised.

Wouldn't it be better to have the buildds verify the Release signature
rather than just overriding the warning?

Raphael Geissert
