On Sat, 18 Feb 2012 12:32:14 +0100 Jakub Wilk <jwilk@debian.org> wrote: > * Christoph Anton Mitterer <calestyo@scientia.net>, 2012-02-18, 06:09: > >I've decided that I think it's important to CC this d-d: > >Debian has a good system of securing packages and making sure that only > >signed stuff comes to the user. > >Over time I've seen many holes in this: > >- packages that are just wrapper packages, download something from > >somewhere without doing any hashsum checks at all > >Some firmware packages, some font packages, documentation etc. is/was > >like that. > >- packages that eventually run some code which was downloaded > >unsecured. > >debootstrap used to be like that, pbuilder, and some others Only a bug if this happens by default. It is perfectly acceptable to support an option to disable SecureApt - just as long as this is not the default. Tools in Debian need to work with systems outside Debian and those do not necessarily *need* SecureApt because the entire loop is internal or even local to the one machine. > All(/most?) of those would be RC bugs. > I'll add to the list: > - Packages that download and run untrusted code at build time. ...if on Debian buildds or by default. Private buildd's, by a selectable option - not a bug. -- Neil Williams ============= http://www.linux.codehelp.co.uk/
Attachment:
pgpy4QtZkh2zx.pgp
Description: PGP signature