[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Discarding uploaded binary packages

Tollef Fog Heen <tfheen@err.no> writes:

> ]] Jakub Wilk 
>> What makes a buildd more secure than a machine of J. Random Developer?
> It has a smaller attack surface due to few users, firewalls, few
> packages installed, nobody using it for browsing the web, etc.

We seem to be forgetting, that the real advantage of source-only uploads
isn't necessarily security, but a controlled build environment on *all*

There is sbuild, pbuilder and the rest, but there are still packages
uploaded that are built in an unclean environment, thereby becoming
broken in various interesting ways.

Nevermind security, whether N buildds are more secure than 200N random
systems scattered around the world - a controlled environment makes
source-only uploads a win, without doubt.

(Of course, there's the corner case of bootstrapping things, but that's
a corner case, and should be handled as such, not as the norm.)


Reply to: