Re: buildds: "Authentication warning overridden."

Michael Banck wrote:
> Assuming that compromised mirrors get quickly identified by people using
> signatures, and buildd packages having to be uploaded directly, the
> amount of compromised packages this way is probably small, so they can
> be rebuilt using packages from another mirror, after the build logs have
> been inspected to see whether compromised packages have indeed been
> used.

Your last point really depends on how the packages were compromised, so it
is possible that a compromised package is used without a chance to find it.

That means that any package built on that buildd since the last mirror push
would have to be dropped (or, in case it was already uploaded to the
archive, rebuilt).

> Michael

