[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Recompilation of ALL Debian packages ...

also sprach Henning Makholm <henning@makholm.net> [2006.09.02.1552 +0200]:
> > And yes, I still think there's a difference between the two
> > scnearios: a clean source, 11 clean binaries, but one trojaned one
> > against an unclean source and 12 unclean binaries. As someone else
> > said, post-mortem it'll be *much* easier to deal with the latter.
> You seem to be assuming that porters are more trustworthy than
> other DDs. Why?

Don't porters work on DSA-controlled machines? It's not so much
about trusting the one doing the work as it is about not trusting
the environment in which a package was built.

Please do not send copies of list mail to me; I read the list!
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
NP: Pond / Pond

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

Reply to: