buildds: "Authentication warning overridden."

To: debian-devel@lists.debian.org
Subject: buildds: "Authentication warning overridden."
From: Raphael Geissert <atomo64+debian@gmail.com>
Date: Fri, 09 Nov 2007 18:53:12 -0600
Message-id: <[🔎] fh2vdq$77g$1@ger.gmane.org>

Hi all,

It's not uncommon to see buildds (actually build tools) override the
package/Release signature warning.
So I was wondering, what is the point of having such a signatures
verification system if the build systems do not care about them?

I know the main target is to prevent end users from downloading
compromised/not-legitimate packages. But, I'm thinking about a possible
package compromise and buildd's using such affected packages and leaving
the possibility to have the built packages also compromised.

Wouldn't it be better to have the buildd's verify the Release signature
rather than just overriding the warning?


Cheers,
Raphael Geissert

Reply to:

Follow-Ups:
- Re: buildds: "Authentication warning overridden."
  - From: Steve McIntyre <steve@einval.com>
- Re: buildds: "Authentication warning overridden."
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Re: crossbuild support: help2man considered harmful
Next by Date: Re: buildds: "Authentication warning overridden."
Previous by thread: ITP: jclic -- Tool for the development and use of multimedia educational activities
Next by thread: Re: buildds: "Authentication warning overridden."
Index(es):
- Date
- Thread