I am looking into the security policies outlined for package building, in order to include some notes regarding them in the section "How does Debian handle security" in the "Securing Debian Manual" (http://www.debian.org/doc/ddp).

For example, I have been recently asked if a maintainer can do whatever he wishes in a package. Can he? Sure, we have policies, but what if we have a Debian developer distributing a trojan in a package? IMHO lintian does check many issues regarding policy, but it does not test potential security problems. I just made an empty package with dh_make with only a postinst having 'rm -rf /'. Lintian says:

$ lintian test-rm*deb
E: test-rm: description-is-dh_make-template
E: test-rm: helper-templates-in-copyright
W: test-rm: readme-debian-is-debmake-template
W: test-rm: unknown-section unknown

So. Since we do not do source code audits of incoming packages and these kinds of issues are not detected automatically... does this leave the Debian distribution open to attack if a developer box gets hacked into?

I can only imagine this kind of automatic test for correct packages being done using automatic installation on a controlled chrooted environment before accepting incoming packages on the upload queues. And, even so, events can be triggered only in some conditions.

Should we improve lintian in order to yell if some (destructive) action is taken upon installation/de-installation? Should we further limit the kind of commands available in these scripts?

(BTW, this only tackles the problem of installation scripts, not of the program itself...)

Best regards

Javi
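
A sketch of the kind of static maintainer-script check the message asks about, added here as an example; it is not part of the original message and is not lintian code. The function name, tag names and protected-path list are hypothetical, and the check only sees literal recursive rm commands in the script text, so it shares the limits noted above (conditional behaviour, and the packaged program itself, are out of its reach).

```python
import posixpath
import re
import shlex

# Constructed for this example: the tag names and the protected-path list
# are hypothetical, not real lintian tags.
PROTECTED = {"/", "/bin", "/boot", "/etc", "/home", "/lib", "/sbin", "/usr", "/var"}

def _words(segment):
    """Tokenize one simple command; fall back to a naive split on bad quoting."""
    try:
        return shlex.split(segment, comments=True)
    except ValueError:
        return segment.split()

def _norm(path):
    """Reduce '/usr/', '/usr/*' and '/*' to the directory they empty."""
    if path.endswith("/*"):
        path = path[:-2]
    return path.rstrip("/") or "/"

def scan_maintainer_script(text):
    """Return (line_number, tag) for each recursive rm that needs review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for segment in re.split(r"[;&|]+", line):
            words = _words(segment)
            if not words or posixpath.basename(words[0]) != "rm":
                continue
            opts = [w for w in words[1:] if w.startswith("-")]
            targets = [w for w in words[1:] if not w.startswith("-")]
            recursive = any(o == "--recursive" or
                            (not o.startswith("--") and set(o) & set("rR")) for o in opts)
            if recursive and any(_norm(t) in PROTECTED for t in targets):
                findings.append((lineno, "maintainer-script-removes-system-directory"))
            elif recursive and any("$" in t or "`" in t for t in targets):
                findings.append((lineno, "maintainer-script-recursive-rm-on-computed-path"))
    return findings

# Constructed sample: the postinst from the message plus two ordinary cleanup lines.
SAMPLE_POSTINST = """#!/bin/sh
set -e
rm -rf /
rm -f /var/lib/test-rm/cache.db
[ -d "$CACHE_DIR" ] && rm -rf "$CACHE_DIR"
"""

if __name__ == "__main__":
    print(scan_maintainer_script(SAMPLE_POSTINST))
```

The second tag is a request for human review rather than an error: a recursive rm on a computed path cannot be judged from the script text alone.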