
Re: Recompilation of ALL Debian packages ...

also sprach Russ Allbery <rra@debian.org> [2006.09.01.0241 +0200]:
> Rebuilding every package really doesn't buy you that much in the
> way of security.

This is arguable and I don't want to go there. The reason I am
pushing for this is because of two of my clients, who have been
wanting to use Debian for three years now but consciously decided
against it, because it is not guaranteed that the sources and the
binaries in our archives correspond for all architectures. They are
well aware that trojans can still exist, but it's an entirely
different thing whether they exist in source and hence in all
architectures (which would result in some serious negative feedback
or even revocation of upload rights), or just in one of the binaries
and hence would be much harder to detect/analyse.

> It makes it harder to hide what you did, but only harder; a rogue
> uploader could obfuscate a trojan in source code rather well.  In
> the end, we still trust people in the keyring.

We do. Does that mean our clients do? Does it mean our clients have
to trust their machines?

I realise that on an academic level you are absolutely right, and
our users effectively trust every machine in use by developers.

However, security is not about secure vs. insecure, it's about
building blocks, and the harder we make it, the better. Every single
step counts, as long as it's doable with reasonable effort.

> About the only thing you gain is the potential ability to do more
> detailed post-mortem analysis after something already exploded.

Accountability is very important to businesses.

We could argue endlessly about this, but I'd much rather move
forward. You say that it won't buy much, but you don't voice
a concern or vote against it. Therefore let's see how much effort it
would be and then assess whether it's a viable means forward to
recompile on all architectures.

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, author, administrator, and user
`. `'`     http://people.debian.org/~madduck http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
whatever you do will be insignificant,
but it is very important that you do it.
                                                     -- mahatma gandhi
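The check the message argues for, as an added example that is not part of the thread or of any Debian tooling: rebuild a package from source on each architecture, then compare the rebuilt file tree with the binary actually shipped in the archive, per architecture. A modification present only in one architecture's uploaded binary shows up as a content mismatch on that architecture alone, while a modification in the source itself produces no mismatch at all (both sides derive from the same source), which is exactly the limitation Russ points out. The package name, file paths and file contents below are constructed sample data, not real packages; the `ignore` set stands in for paths a real rebuild would not reproduce byte-for-byte (timestamps in changelogs, build ids) and would have to be normalised before comparison.

```python
import hashlib


def sha256(data: bytes) -> str:
    """Digest of one file's content; comparing digests rather than bytes keeps the report small."""
    return hashlib.sha256(data).hexdigest()


def compare_builds(archive, rebuilt, ignore=frozenset()):
    """Compare the archive binary with a from-source rebuild, architecture by architecture.

    archive, rebuilt: {arch: {path: content_bytes}} -- the file trees of the .deb
    for each architecture. Returns a sorted list of (arch, path, kind) findings,
    where kind is 'content-differs', 'only-in-archive' or 'only-in-rebuild'.
    Paths in `ignore` are skipped (known non-reproducible files).
    """
    findings = []
    for arch in sorted(set(archive) | set(rebuilt)):
        a = {p: sha256(c) for p, c in archive.get(arch, {}).items() if p not in ignore}
        r = {p: sha256(c) for p, c in rebuilt.get(arch, {}).items() if p not in ignore}
        for path in sorted(set(a) | set(r)):
            if path not in r:
                findings.append((arch, path, "only-in-archive"))
            elif path not in a:
                findings.append((arch, path, "only-in-rebuild"))
            elif a[path] != r[path]:
                findings.append((arch, path, "content-differs"))
    return findings


def archs_per_path(findings):
    """Group findings by path so a single-architecture divergence stands out."""
    out = {}
    for arch, path, _kind in findings:
        out.setdefault(path, set()).add(arch)
    return out


# Constructed sample data: a hypothetical package "foo" built for two architectures.
SOURCE_DERIVED = {
    "usr/bin/foo": b"#!/bin/sh\necho foo\n",
    "usr/share/doc/foo/copyright": b"GPL-2\n",
    "usr/share/doc/foo/changelog.gz": b"<gzip data with build timestamp>",
}
ARCHIVE = {
    "amd64": dict(SOURCE_DERIVED),
    # The i386 upload carries an extra line that the source does not produce.
    "i386": {**SOURCE_DERIVED, "usr/bin/foo": b"#!/bin/sh\necho foo\n# line not in source\n"},
}
REBUILT = {
    "amd64": {**SOURCE_DERIVED, "usr/share/doc/foo/changelog.gz": b"<gzip data, other timestamp>"},
    "i386": {**SOURCE_DERIVED, "usr/share/doc/foo/changelog.gz": b"<gzip data, other timestamp>"},
}
NON_REPRODUCIBLE = frozenset({"usr/share/doc/foo/changelog.gz"})


def run_sample():
    """Run the comparison on the constructed data; only the i386 binary should be flagged."""
    return compare_builds(ARCHIVE, REBUILT, ignore=NON_REPRODUCIBLE)


if __name__ == "__main__":
    for arch, path, kind in run_sample():
        print(f"{arch}: {path}: {kind}")
    print(archs_per_path(run_sample()))
```

Without the `ignore` set the changelog would be reported on both architectures, which is the noise that makes such comparisons hard in practice; with it, the report names the one architecture whose shipped binary does not match what the source builds to.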
