Re: Compromising Debian Repositories

To: Volker Birk <vb@pibit.ch>
Cc: debian-security@lists.debian.org
Subject: Re: Compromising Debian Repositories
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sat, 3 Aug 2013 16:47:17 -0300
Message-id: <[🔎] 20130803194717.GD10434@khazad-dum.debian.net>
In-reply-to: <[🔎] 20130803113750.GB5775@dingens.org>
References: <[🔎] CAKhc=u4jKgHLdsXpTB2ecQ1T2CEv-AMa5geM6OqN+sgcYKnP8g@mail.gmail.com> <[🔎] 51FCCA78.5080604@riseup.net> <[🔎] 20130803101706.GA363@dingens.org> <[🔎] 20130803104653.GA10501@master.debian.org> <[🔎] 20130803113750.GB5775@dingens.org>

On Sat, 03 Aug 2013, Volker Birk wrote:
> On Sat, Aug 03, 2013 at 08:46:53PM +1000, Aníbal Monsalve Salazar wrote:
> > On Sat, Aug 03, 2013 at 12:17:06PM +0200, Volker Birk wrote:
> > > Not to mention the build tool chains.
> > It reminds me of Ken Thompson's article Reflections on Trusting Trust.
> 
> Yes, that's what I'm alluding to. For attacking Debian, being a
> maintainer of say, binutils or gcc would be best. But hey, there are

You'd just go upstream, and attack all distros at once.  It is actually
safer that way.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Compromising Debian Repositories
  - From: Daniel Sousa <daniel@sousa.me>
- Re: Compromising Debian Repositories
  - From: adrelanos <adrelanos@riseup.net>
- Re: Compromising Debian Repositories
  - From: Volker Birk <vb@pibit.ch>
- Re: Compromising Debian Repositories
  - From: Aníbal Monsalve Salazar <anibal@debian.org>
- Re: Compromising Debian Repositories
  - From: Volker Birk <vb@pibit.ch>

Prev by Date: Re: Compromising Debian Repositories
Next by Date: Re: Compromising Debian Repositories
Previous by thread: Re: Compromising Debian Repositories
Next by thread: Re: Compromising Debian Repositories
Index(es):
- Date
- Thread