On Mon, 20 Sep 2004 06:15, martin f krafft <[EMAIL PROTECTED]> wrote:
> I want to add another point to this discussion. While we cannot
> prevent malicious maintainers from installing to the archives or
> poisoning the buildds, requiring all binaries to be remade on the
> buildds would rule out the possibility that a trojaned maintainer's
> machine would cause infected software to be distributed in the
> archives.
>
> Security is not absolute. But requiring all architectures to be
> rebuilt does add a significant amount of security, IMHO.

Requiring all packages to be rebuilt will prevent the binary from not matching the source. But what if the source is modified? Taking over a DD's machine and modifying the source tree that is used to make the .diff.gz shouldn't be impossible. We don't have any source auditing processes that could deal with this.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page