I want to add another point to this discussion. While we cannot prevent malicious maintainers from installing to the archives or poisoning the buildds, requiring all binaries to be remade on the buildds would rule out the possibility that a trojaned maintainer's machine would cause infected software to be distributed in the archives. Security is not absolute. But requiring all architectures to be rebuilt does add a significant amount of security, IMHO.

-- 
Please do not CC me when replying to lists; I read them!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!