On Wed, 22 Dec 2010, Timo Juhani Lindfors wrote:
> > script). The only way to completely prevent that would be to develop and
> > build packages in a completely isolated (virtual machine) environment
> Interesting ideas but don't you also need to run the produced binaries
> in isolation?

exactly -- that is what I meant by 'built (...) and *tested*' ;)

> If we assume a malicious upstream they can surely make
> the build innocent but then have the produced binaries launch sudojump
> >...<

sure -- many bad things can happen in various reincarnations of the
malicious desires of upstreams or just those who hijack their
projects/distribution ;-)

the question remains: how could we set our development environments so
they remain convenient to use and would help us to detect such
misdemeanours so we keep Debian infrastructure secure.

Pure isolation of build/test environment would help, but without easy
monitoring, it would just postpone detection of malicious attempts so
they would activate (again) during builds across our buildd farm, or
running on the boxes of those who installed the packages (often DDs as
well, since we do eat our own ...)

-- 
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic