[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buildds: "Authentication warning overridden."

[I read the list, no need to reply To me, thanks]

Steve McIntyre wrote:
> That's all well and good, but the buildds also depend on using
> packages from (for example) incoming, which it is not feasible to
> sign.

Even tough incoming is not signed, packages require a valid DD/similar
signature to be there.
What I worry about is having a mirror or even the main archive compromised, 
because buildd's won't have a chance to possibly stop the attack because
signatures aren't verified.


Reply to: