[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buildds: "Authentication warning overridden."



On Fri, Nov 09, 2007 at 08:00:15PM -0600, Raphael Geissert wrote:
> Steve McIntyre wrote:
> > That's all well and good, but the buildds also depend on using
> > packages from (for example) incoming, which it is not feasible to
> > sign.
> 
> Even tough incoming is not signed, packages require a valid DD/similar
> signature to be there.
> What I worry about is having a mirror or even the main archive compromised, 
> because buildd's won't have a chance to possibly stop the attack because
> signatures aren't verified.

Won't somebody else stop the attack in their place then, who does check
the signatures?


Michael



Reply to: