
Re: Discarding uploaded binary packages

On Tue, 16 Oct 2012, Jakub Wilk <jwilk@debian.org> wrote:
> * martin f krafft <madduck@debian.org>, 2012-10-16, 08:21:
> >>This is my opinion but I admit I have not followed previous
> >>discussions on the subject....
> >
> >http://lists.debian.org/debian-security/2004/09/msg00014.html
> >
> >We have not cared enough for almost 20 years that 9 out of 10 binary
> >packages in use (i386 until 2005, amd64 since then) are built on
> >machines that are individually maintained according to widely varying
> >security standards to do anything about it, AFAICT.
> What makes a buildd more secure than a machine of J. Random Developer?
> I'm honestly curious.

I believe that the sysadmin skill of the people who run the build servers is 
greater than that of most DDs.

The Debian servers are run in relatively secure environments as opposed to DD 
workstations being laptops that are often stored in hotel rooms and other 
fairly insecure environments.

There are a fairly small number of Debian servers.  So even if the probability 
of system compromise for a Debian server was the same as for a laptop owned by 
a random DD the fact that DD workstations outnumber Debian servers by at least 
200:1 makes them more of a risk.

One final thing to note is that if an attacker manages to compromise a Debian 
server they will probably start by compromising the workstation used by a 
random DD.  So I don't think that the case of a compromised server with 
thousands of secure workstations is a case to prepare for, but the case of 
compromised workstation(s) before a compromised server is one to prepare for.

My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
