[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Recompilation of ALL Debian packages ...

On Fri, Sep 01, 2006 at 11:52:17PM -0700, Russ Allbery wrote:
> martin f krafft <madduck@debian.org> writes:
> > also sprach Russ Allbery <rra@debian.org> [2006.09.02.0141 +0200]:
> >> I honestly think the security argument for doing this is silly.
> > Clients do not want to hear something like that.
> People frequently don't want to hear that ideas they've latched on to
> don't really have much basis in fact.  If I were expressing that directly
> with a client, I would probably use a softer expression of the idea than
> "silly," of course.  I would, however, not want to let someone keep the
> notion that binaries are dangerous but source code is somehow safer.  It's
> not true (at least in any significant sense), nor is it true that
> source-only uploads provide any more accountability than the system we
> have now.
> Source-code trojans are more dangerous because people fear binaries but
> think that if they've compiled it, it's fine, when the only real
> distinction is between code that's been audited and code that hasn't.
> Binaries built and uploaded by a maintainer who audits the upstream code
> are significantly safer than uncompiled source code uploaded by a
> maintainer who doesn't.

The thing is, if you have no guarantee that the binaries effectively
correspond to the sources you are auditing, then auditing is not going to do
you any kind of good, don't you think ?

I still believe that rebuilding everything is the best way to go, since it
avoids any number of silly errors on the developer's part, and this would be a
good thing for stability if nothing else.

Also, imagine a statically linked binary, which happens to have been built
with an non-official library on the developper machine, or with devel X
libs,or whatever else. I guess all those already happened in the past.

Not to count the few packages which are not buildable out of main, but need
some extra non-official packages or manipulation to bootstrap (like the
gcc/glibc pair for example).


Sven Luther

Reply to: