Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition

To: debian-devel@lists.debian.org
Subject: Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
From: Kevin Chadwick <ma1l1ists@yahoo.co.uk>
Date: Fri, 14 Feb 2014 19:31:20 +0000
Message-id: <[🔎] 783597.44818.bm@smtp131.mail.ir2.yahoo.com>
In-reply-to: <[🔎] CAA0ZO6ASVimCV-0zk9iV6h-8pW1MVVr_KLwieS=UuQpnzUu-mQ@mail.gmail.com>
References: <[🔎] 1392295131.23481.82943513.2A8023E7@webmail.messagingengine.com> <[🔎] 201402131713.36134.holger@layer-acht.org> <[🔎] CAFggDF1iGi23FAhWHsSWhSAcE1XSVViWNOb+i5n+SkYH4bq3_A@mail.gmail.com> <[🔎] 20140213184653.GA5700@jwilk.net> <[🔎] CAA0ZO6ASVimCV-0zk9iV6h-8pW1MVVr_KLwieS=UuQpnzUu-mQ@mail.gmail.com>

previously on this list Brian May contributed:

> After the damage is done, probably easier to find the malware that did it

Assuming the damage is visible?


> All rants aside, I believe there's a fairly wide agreement that we
> should throw away binaries from builds.  

>> I'd encourage something slightly different and then I'd expand on it a
>> bit.

Sounds like a plan but perhaps if they are not already? these uploads
should be enabled within their own apt sources line.

Whilst malicious code can be hidden in source and accompanying packages
such as via sidechannel attacks, any additional threats should be
avoided or users enabled to avoid them where possible.


-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

Reply to:

References:
- Please upgrade your build environment when you are affected by transition
  - From: Ondřej Surý <ondrej@sury.org>
- when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Holger Levsen <holger@layer-acht.org>
- Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Jacob Appelbaum <jacob@appelbaum.net>
- Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Jakub Wilk <jwilk@debian.org>
- Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
  - From: Brian May <brian@microcomaustralia.com.au>

Prev by Date: Re: Honestly, f__k systemd and f__k lennart, and f__k the fans of them. Where's linus in all of this?
Next by Date: Re: anyone interested in cobbler?
Previous by thread: Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
Next by thread: Re: when will we finally throw away binary uploads (Re: Please upgrade your build environment when you are affected by transition
Index(es):
- Date
- Thread