Re: Discarding uploaded binary packages
Tollef Fog Heen <email@example.com> writes:
> ]] Jakub Wilk
>> What makes a buildd more secure than a machine of J. Random Developer?
> It has a smaller attack surface due to few users, firewalls, few
> packages installed, nobody using it for browsing the web, etc.
We seem to be forgetting, that the real advantage of source-only uploads
isn't necessarily security, but a controlled build environment on *all*
There is sbuild, pbuilder and the rest, but there are still packages
uploaded that are built in an unclean environment, thereby becoming
broken in various interesting ways.
Nevermind security, whether N buildds are more secure than 200N random
systems scattered around the world - a controlled environment makes
source-only uploads a win, without doubt.
(Of course, there's the corner case of bootstrapping things, but that's
a corner case, and should be handled as such, not as the norm.)