On Mon, Mar 14, 2005 at 08:07:03PM +0100, Wouter Verhelst wrote:
> On Mon, 14-03-2005 at 19:15 +0100, Sven Luther wrote:
> > so the buildd admin really examine all the packages for deviation that a
> > compromised buildd could have incorporated before signing them? Or that they
> > scan the machine for a compromise and always detect them before signing?
>
> Not really.
>
> As you know, nothing gets uploaded to the archive without it having a
> gpg signature by a key in the Debian gpg keyring. That goes for
> autobuilt packages, too.
>
> Also, I never sign stuff unless it gets through my filters and into the
> right Maildir (and one of the things my filters check is the 'From'
> address), so only the correct host will be able to upload.
>
> Apart from that, I regularly log in to my buildd hosts, and check up on
> them. If the host were compromised, I'd notice -- just as much as I'd
> notice if anyone would compromise my firewall.

But you would notice all this just the same if the signing were automated, wouldn't you? None of the procedures above would allow you to discover a package built on a compromised buildd in a better way than if it was auto-signed.

Friendly,

Sven Luther