also sprach Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> [2004.09.05.1807 +0200]: > The binary is needed because otherwise the -all packages would be > missing and there would be no deb package in the archive holding > the source in. I am not sure I understand that. Then the source should only propagate to unstable when the first buildd is done. Or at least, the buildd's DEB should replace the one in unstable. > Sure, the DD could insert some trojan into the binary. He could > also insert a trojan into the source. And you are aware of the > thread about that buildds are run partly by non DDs which can't be > trusted and thus the archive is tainted by the autobuild debs? I was not aware of this, and I consider it a horrible state of affairs. Seriously, if this becomes public, Debian is in serious trouble, I think. > A DD could also upload a binary recompile NMU with some flimsy > excuse for package foo with a trojan, then upload source for > package bar that Build-Depends: foo to get the trojan installed on > the buildds and then upload a new foo source to remove the tainted > foo and cover his tracks. The buildds would then be tainted and > could insert trojans into every build package. Oh dear. > I too think that the Debian autobuilders should compile the DEB files > for *all* architectures. The should also compile the Arch: all > packages. But security it the least of my worries. And it's among the greatest of mine. Previously, I considered Debian to be among the secure distros, partially because of its cleanliness, partially because of QA. Now I am beginning to see Debian as a real problem in terms of security. No clue what the state is with the other distros, but who cares? The point is that the current infrastructure and its consequences do *not* make Debian a viable choice when security is a factor. Something has to be done. I am pondering... -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature