[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Recompilation of ALL Debian packages ...

martin f krafft wrote:

> also sprach Russ Allbery <rra@debian.org> [2006.09.01.0241 +0200]:
>> Rebuilding every package really doesn't buy you that much in the
>> way of security.
> This is arguable and I don't want to go there. The reason I am
> pushing for this is because of two of my clients, who have been
> wanting to use Debian for three years now but consciously decided
> against it, because it is not guaranteed that the sources and the
> binaries in our archives correspond for all architectures. They are
> well aware that trojans can still exist, but it's an entirely
> different thing whether they exist in source and hence in all
> architectures (which would result in some serious negative feedback
> or even revocation of upload rights), or just in one of the binaries
> and hence would be much harder to detect/analyse.

How big are your clients?  If they're good-sized companies with a spare 
computer, they can compile all the packages they use locally from Debian 
source with not *too* much work.

Nathanael Nerode  <neroden@fastmail.fm>

Bush admitted to violating FISA and said he was proud of it.
So why isn't he in prison yet?...

Reply to: