[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buildds: "Authentication warning overridden."

On Sun, Nov 11, 2007 at 01:27:14PM +0100, Florian Weimer wrote:
> * Wouter Verhelst:
> > That's inevitable because http://incoming.debian.org is not signed; The
> > update frequency of that repository (which is available only to buildd
> > hosts by IP and/or password protection) makes that impossible

Nack. The Release files are automaticaly signed. The problem is that the
accepted queue is no complete dist but only a Packages file, so there is
no Release file to be signed.

> In this case, HTTPS should be used to download the packages, together
> with proper certificate validation.  This has got the added benefit that
> passwords aren't sent in the clear (well, unless an error occurs, but
> this is a separate issue).

You try to fix one of the problems with buildds. You need to spoof DNS
or similar things to overtake the main mirror. There is a much worser
problem, the build logs which are usualy used to generate the signed
changes file are not authenticated in any way. This bug can be triggered
by anyone and at least the security team usualy don't know where logs
may come from.

Bastian

-- 
You're dead, Jim.
		-- McCoy, "Amok Time", stardate 3372.7
Reply to: