thus spoke Goswin von Brederlow <[EMAIL PROTECTED]> [2004.09.05.1807 +0200]:
> The binary is needed because otherwise the -all packages would be
> missing and there would be no deb package in the archive holding
> the source in.

I am not sure I understand that. Then the source should only
propagate to unstable when the first buildd is done. Or at least,
the buildd's DEB should replace the one in unstable.

> Sure, the DD could insert some trojan into the binary. He could
> also insert a trojan into the source. And you are aware of the
> thread about that buildds are run partly by non DDs which can't be
> trusted and thus the archive is tainted by the autobuild debs?

I was not aware of this, and I consider it a horrible state of
affairs. Seriously, if this becomes public, Debian is in serious
trouble, I think.

> A DD could also upload a binary recompile NMU with some flimsy
> excuse for package foo with a trojan, then upload source for
> package bar that Build-Depends: foo to get the trojan installed on
> the buildds and then upload a new foo source to remove the tainted
> foo and cover his tracks. The buildds would then be tainted and
> could insert trojans into every build package.

Oh dear.

> I too think that the Debian autobuilders should compile the DEB files
> for *all* architectures. They should also compile the Arch: all
> packages. But security is the least of my worries.

And it's among the greatest of mine.

Previously, I considered Debian to be among the secure distros,
partially because of its cleanliness, partially because of QA. Now
I am beginning to see Debian as a real problem in terms of security.
No clue what the state is with the other distros, but who cares? The
point is that the current infrastructure and its consequences do
*not* make Debian a viable choice when security is a factor.

Something has to be done. I am pondering...

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use as keyserver!
