On Sun, Nov 11, 2007 at 01:27:14PM +0100, Florian Weimer wrote: > * Wouter Verhelst: > > That's inevitable because http://incoming.debian.org is not signed; The > > update frequency of that repository (which is available only to buildd > > hosts by IP and/or password protection) makes that impossible
Nack. The Release files are automaticaly signed. The problem is that the accepted queue is no complete dist but only a Packages file, so there is no Release file to be signed. > In this case, HTTPS should be used to download the packages, together > with proper certificate validation. This has got the added benefit that > passwords aren't sent in the clear (well, unless an error occurs, but > this is a separate issue). You try to fix one of the problems with buildds. You need to spoof DNS or similar things to overtake the main mirror. There is a much worser problem, the build logs which are usualy used to generate the signed changes file are not authenticated in any way. This bug can be triggered by anyone and at least the security team usualy don't know where logs may come from. Bastian -- You're dead, Jim. -- McCoy, "Amok Time", stardate 3372.7 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]