Re: buildds: "Authentication warning overridden."

To: debian-devel@lists.debian.org
Subject: Re: buildds: "Authentication warning overridden."
From: Raphael Geissert <atomo64+debian@gmail.com>
Date: Fri, 09 Nov 2007 20:00:15 -0600
Message-id: <[🔎] fh33bi$h22$1@ger.gmane.org>
References: <[🔎] fh2vdq$77g$1@ger.gmane.org> <[🔎] E1Iqexj-0001cO-0A@jack.mossbank.org.uk>

[I read the list, no need to reply To me, thanks]

Steve McIntyre wrote:
> 
> That's all well and good, but the buildds also depend on using
> packages from (for example) incoming, which it is not feasible to
> sign.
> 

Even tough incoming is not signed, packages require a valid DD/similar
signature to be there.
What I worry about is having a mirror or even the main archive compromised, 
because buildd's won't have a chance to possibly stop the attack because
signatures aren't verified.

Regards,
Raphael

Reply to:

Follow-Ups:
- Re: buildds: "Authentication warning overridden."
  - From: Michael Banck <mbanck@debian.org>

References:
- buildds: "Authentication warning overridden."
  - From: Raphael Geissert <atomo64+debian@gmail.com>
- Re: buildds: "Authentication warning overridden."
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: buildds: "Authentication warning overridden."
Next by Date: Re: buildds: "Authentication warning overridden."
Previous by thread: Re: buildds: "Authentication warning overridden."
Next by thread: Re: buildds: "Authentication warning overridden."
Index(es):
- Date
- Thread