On Tue, 16 Oct 2012, Jakub Wilk <jw...@debian.org> wrote: > * martin f krafft <madd...@debian.org>, 2012-10-16, 08:21: > >>This is my opinion but I admit I have not followed previous > >>discussions on the subject.... > > > >http://lists.debian.org/debian-security/2004/09/msg00014.html > > > >We have not cared enough for almost 20 years that 9 out of 10 binary > >packages in use (i386 until 2005, amd64 since then) are built on > >machines that are individually maintained according to widely varying > >security standards to do anything about it, AFAICT. > > What makes a buildd more secure than a machine of J. Random Developer? > I'm honestly curious.
I believe that the sysadmin skill of the people who run the build servers is greater than that of most DDs. The Debian servers are run in relatively secure environments as opposed to DD workstations being laptops that are often stored in hotel rooms and other fairly insecure environments. There are a fairly small number of Debian servers. So even if the probability of system compromise for a Debian server was the same as for a laptop owned by a random DD the fact that DD workstations outnumber Debian servers by at least 200:1 makes them more of a risk. One final think to note is that if an attacker manages to compromise a Debian server they will probably start by compromising the workstation used by a random DD. So I don't think that the case of a compromised server with thousands of secure workstations is a case to prepare for, but the case of compromised workstation(s) before a compromised server is one to prepare for. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201210162300.31295.russ...@coker.com.au