> The package will be compiled, and immediately signed with the packager's
> key during compile process.

This isn't nice for batch builds: user leaves the computer building for hours, then runs librerelease, inputs the GPG passphrase for pinentry, gpg-agent will cache it for a short time.

> 1) Someone or something could modify the package while it's sitting
> around waiting to be uploaded on the packager's computer.

If the developer changes file permissions so others can write to their files, and has malicious local users or sufficient remotely-exploitable vulnerabilities, there are much bigger problems.

> 2) If librerelease is signing binaries only, what is to prevent someone
> from taking a random modified binary and pushing it to the main repo
> with their key?

This can be solved only by not having the developers build and upload anything to the repo.
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
