Re: buildds: Authentication warning overridden.

2007-11-17 Thread Ian Jackson
Florian Weimer writes (Re: buildds: Authentication warning overridden.): In this case, HTTPS should be used to download the packages, together with proper certificate validation. This has got the added benefit that passwords aren't sent in the clear (well, unless an error occurs

Re: buildds: Authentication warning overridden.

2007-11-14 Thread Wouter Verhelst
On Sun, Nov 11, 2007 at 09:24:12AM -0800, Steve Langasek wrote: On Sun, Nov 11, 2007 at 01:27:14PM +0100, Florian Weimer wrote: * Wouter Verhelst: That's inevitable because http://incoming.debian.org is not signed; The update frequency of that repository (which is available only to

Re: buildds: Authentication warning overridden.

2007-11-11 Thread Florian Weimer
* Michael Banck: Assuming that compromised mirrors get quickly identified by people using signatures, and buildd packages having to be uploaded directly, the amount of compromised packages this way is probably small, so they can be rebuilt using packages from another mirror, after the build

Re: buildds: Authentication warning overridden.

2007-11-11 Thread Florian Weimer
* Wouter Verhelst: That's inevitable because http://incoming.debian.org is not signed; The update frequency of that repository (which is available only to buildd hosts by IP and/or password protection) makes that impossible -- or at least that's what I understood; you may want to check with

Re: buildds: Authentication warning overridden.

2007-11-11 Thread Steve Langasek
On Sun, Nov 11, 2007 at 01:27:14PM +0100, Florian Weimer wrote: * Wouter Verhelst: That's inevitable because http://incoming.debian.org is not signed; The update frequency of that repository (which is available only to buildd hosts by IP and/or password protection) makes that impossible --

Re: buildds: Authentication warning overridden.

2007-11-11 Thread Raphael Geissert
Michael Banck wrote: Assuming that compromised mirrors get quickly identified by people using signatures, and buildd packages having to be uploaded directly, the amount of compromised packages this way is probably small, so they can be rebuilt using packages from another mirror, after the

Re: buildds: Authentication warning overridden.

2007-11-11 Thread Kurt Roeckx
On Sun, Nov 11, 2007 at 09:24:12AM -0800, Steve Langasek wrote: On Sun, Nov 11, 2007 at 01:27:14PM +0100, Florian Weimer wrote: * Wouter Verhelst: That's inevitable because http://incoming.debian.org is not signed; The update frequency of that repository (which is available only to

Re: buildds: Authentication warning overridden.

2007-11-11 Thread Bastian Blank
On Sun, Nov 11, 2007 at 01:27:14PM +0100, Florian Weimer wrote: * Wouter Verhelst: That's inevitable because http://incoming.debian.org is not signed; The update frequency of that repository (which is available only to buildd hosts by IP and/or password protection) makes that impossible

Re: buildds: Authentication warning overridden.

2007-11-10 Thread Michael Banck
On Fri, Nov 09, 2007 at 08:54:06PM -0600, Raphael Geissert wrote: Michael Banck wrote: Won't somebody else stop the attack in their place then, who does check the signatures? If a mirror is compromised, unless I'm missing something, it won't be updated until ftp-master sends a mirror

Re: buildds: Authentication warning overridden.

2007-11-10 Thread Wouter Verhelst
On Fri, Nov 09, 2007 at 06:53:12PM -0600, Raphael Geissert wrote: Hi all, It's not uncommon to see buildds (actually build tools) override the package/Release signature warning. That's inevitable because http://incoming.debian.org is not signed; The update frequency of that repository (which

buildds: Authentication warning overridden.

2007-11-09 Thread Raphael Geissert
Hi all, It's not uncommon to see buildds (actually build tools) override the package/Release signature warning. So I was wondering, what is the point of having such a signature verification system if the build systems do not care about them? I know the main target is to prevent end users from

Re: buildds: Authentication warning overridden.

2007-11-09 Thread Steve McIntyre
Raphael Geissert wrote: Hi all, It's not uncommon to see buildds (actually build tools) override the package/Release signature warning. So I was wondering, what is the point of having such a signature verification system if the build systems do not care about them? I know the main target is to

Re: buildds: Authentication warning overridden.

2007-11-09 Thread Raphael Geissert
[I read the list, no need to reply To me, thanks] Steve McIntyre wrote: That's all well and good, but the buildds also depend on using packages from (for example) incoming, which it is not feasible to sign. Even though incoming is not signed, packages require a valid DD/similar signature

Re: buildds: Authentication warning overridden.

2007-11-09 Thread Michael Banck
On Fri, Nov 09, 2007 at 08:00:15PM -0600, Raphael Geissert wrote: Steve McIntyre wrote: That's all well and good, but the buildds also depend on using packages from (for example) incoming, which it is not feasible to sign. Even though incoming is not signed, packages require a valid

Re: buildds: Authentication warning overridden.

2007-11-09 Thread Raphael Geissert
Michael Banck wrote: Won't somebody else stop the attack in their place then, who does check the signatures? If a mirror is compromised, unless I'm missing something, it won't be updated until ftp-master sends a mirror push. And the period of time between the last mirror push, the compromise