On Tue, Jan 15, 2013 at 10:13 AM, Matthew Seaman <matt...@freebsd.org>wrote:
> On 14/01/2013 22:44, n j wrote: > > One thing to think about would be the option of port maintainers > uploading > > the pre-compiled package of the updated port (or if the size of the > upload > > is an issue then just the hash signature of the valid package archive so > > other people with more bandwidth can upload it) to help the package > > building cluster (at least for mainstream architectures). The idea behind > > it being that the port maintainer has to compile the port anyway and pkg > > create is not a big overhead. The result would be a sort of distributed > > package building solution. > > > Sorry. Distributed package building like this is never going to be > acceptable. Too much scope for anyone to introduce trojans into > packages. Building packages securely is a very big deal, and as recent > events have shown, you can't take any chances. > > Cheers, > > Matthew > I'd trust this system as far as I trust port maintainers right now. I understand that a port maintainer can submit arbitrary MASTER_SITES in a port Makefile which allows the maintainer to inject malware as they wish. If I trust the port maintainer to make me download and build something coming from e.g. http://samm.kiev.ua or http://danger.rulez.sk (just random picks, no offense intended), then I'd trust that maintainer to upload the package for me or submit a SHA256 hash that the correct package must have. So if somebody else were to build the package, the server would accept the upload only if it matches the hash. Am I overlooking something? Is there some kind of port verification by someone from the team prior to accepting the port submission? -- Nino _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"