Re: ssl security desaster
* Martin Uecker
| Another problem I have argued about before, not directly related to this
| incident, but IMHO another desaster waiting to happen: There is no
| way to independetly validate that a debian binary package was
| created from the corresponding source.
How would you go about doing that? If you just mean «all packages
should be built on the buildds», that's fairly easy to do, but if you
are talking about actual verification of source => binary which can be
done post-mortem, that's much harder.
| What bothers me too is the fact that the installer scripts of all
| packages have root permissions during installation. While this might
| be hard to do, in principle I see no good reason why installer
| scripts could not be limited to certain tasks.
I believe that postinsts need the flexibility shell (or perl or python
or whatever) gives them. If you want to restrict postinsts to only be
able to do a limited set of operations, the quality of packages will
detoriate quite a bit as they are no longer flexible enough to cater
for all packages's needs.
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are