Re: Recompilation of ALL Debian packages ...
Sven Luther <email@example.com> writes:
> On Fri, Sep 01, 2006 at 11:52:17PM -0700, Russ Allbery wrote:
>> Source-code trojans are more dangerous because people fear binaries but
>> think that if they've compiled it, it's fine, when the only real
>> distinction is between code that's been audited and code that hasn't.
>> Binaries built and uploaded by a maintainer who audits the upstream
>> code are significantly safer than uncompiled source code uploaded by a
>> maintainer who doesn't.
> The thing is, if you have no guarantee that the binaries effectively
> correspond to the sources you are auditing, then auditing is not going
> to do you any kind of good, don't you think ?
Which just says that you shouldn't audit the source code and then use
someone else's binaries supposedly built from it. Any organization
willing and capable of going to the work of auditing the source code can
certainly then also build their own binaries from exactly the source code
they audited, and should. Debian upload policies don't help them, one way
or the other, since the work of building the package is negligible next to
the work required for the audit and in that sort of situation not building
the package themselves would just reintroduce more risks than are worth
> I still believe that rebuilding everything is the best way to go, since
> it avoids any number of silly errors on the developer's part, and this
> would be a good thing for stability if nothing else.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>