[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Discarding uploaded binary packages


On 16.10.2012 14:00, Russell Coker wrote:
> There are a fairly small number of Debian servers.  So even if the probability 
> of system compromise for a Debian server was the same as for a laptop owned by 
> a random DD the fact that DD workstations outnumber Debian servers by at least 
> 200:1 makes them more of a risk.

Not a strong argument. The impact of a compromise of a buildd [or J
Random Developer's machine running the buildd] is substantially higher
given the compromise would affect 30k source packages, as opposed to [1,
$whatever_gregoa_maintains_today[ of packages distributed amongst 950+
individual machines.

Moreover, if you go down that path, you do not win anything of the state
being, as an attacker can still make a sourceful upload which enters the
archive unaudited as well.

Not to say, throwing away binary packages would be a bad idea though. We
just need someone to care enough to implement missing bits and find a
way how to deal with arch:all.

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: