On 2014-02-15 15:34, Henrique de Moraes Holschuh wrote:
On Sat, 15 Feb 2014, Philipp Kern wrote:That's why I was careful to publish the address nowhere. We do someUnfortunately, that cat is out of the bag, now. Whether it will get spammedor attacked, I don't know.However, it is not like we ever could trust the logs anyway for any security purposes, as they are not signed by the same key that signed the respective changes file for the upload. Currently, they're useful for debug purposes,and that's it (which is fine).
Yeah, they could be, if sbuild is extended to sign the logs. That said, we do trust our mail-in. We can trust the received headers to some degree (for timestamps and where the mail came from), but we cannot rule out on-disk tampering.
Kind regards Philipp Kern