Debian Developers - Re: https for apt to prevent man in middle transparent proxy mirror attacks?


Author Re: https for apt to prevent man in middle transparent proxy mirror attacks?
Karl Hegbloom

2004-07-04, 8:16 am

On Wed, 2004-06-09 at 06:44 -0700, Karl Hegbloom wrote:
> Paranoia department (sign my key; target on my back):
>
> Government and corporate users who are somewhat paranoid can set up a
> quarantine mirror, mirror only source packages, and set up a build
> daemon, right? The software setup for doing that should be packaged and
> made turnkey. It seems less likely that the source package will contain
> the patch that adds the back door than it does that a binary could be
> patched with compromise codes, built, un-patched, then the source
> package built.
>
> Perhaps uploading of binary packages should be done away with
> altogether, and all packages should be built on known secure servers by
> a build daemon? It's easier to verify the source code and patches than
> it is to verify a binary, right? Then it comes down to who's in control
> of the build servers, the archive network, and networks in between those
> hosts.


I've been thinking about this again. What if Debian:

* Got rid of binary uploads, and went to source package only uploads,
and then everything is built by the build daemon.

* All packages are held in double custody, and cannot go into the
archive until they are verified and signed by at least two maintainers.
The two cannot be people who would be likely to be in cahoots with one
another, especially for libraries that a lot of packages depend on
(hairy nodes) and security-centric software...

I suppose anything that can attach to the X server can watch
keystrokes? Is that true? A library used by SSH could maybe
patch in and record your remote login passwords, then send them
off to the virus factory. There's probably a lot of tricks I've
never heard or thought of.

[ ... interjecting a funny thought I just had... what if that
dust ball character in User Friendly is a node in a dotty graph
with lots of edges... he's the circle with a lot of lines going
away... a hairy node :-) Never mind. ]

* Debian implements SELinux, stack guard, ... ?

Fresh RPMs anyone? ;-)

--
Karl Hegbloom <hegbloom@pdx.edu>
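
Added example, not part of the original post or of Debian's archive tooling: one reading of the double-custody proposal as an archive acceptance gate. Every package needs two distinct maintainer signatures, and "hairy nodes" and security-centric packages additionally need signers who are independent of each other. The package names, maintainer names, affiliations and the threshold are constructed assumptions, and signature verification itself is assumed to have happened upstream.

```python
from collections import defaultdict

# Constructed sample data (hypothetical packages, maintainers, affiliations).
DEPENDS = {                       # package -> packages it depends on
    "openssh": ["libcrypto", "libc"],
    "mailer": ["libcrypto", "libc"],
    "editor": ["libc"],
    "libcrypto": ["libc"],
    "libc": [],
}
AFFILIATION = {"alice": "org-a", "bob": "org-a", "carol": "org-b", "dave": "org-c"}
SECURITY_CENTRIC = {"openssh", "libcrypto"}
HAIRY_THRESHOLD = 3               # assumed cut-off for a "hairy node"


def reverse_dep_counts(depends):
    """Count how many packages depend on each package, directly or transitively."""
    rdeps = defaultdict(set)

    def walk(pkg, seen):
        for dep in depends.get(pkg, []):
            if dep not in seen:   # the seen set also guards against cycles
                seen.add(dep)
                walk(dep, seen)
        return seen

    for pkg in depends:
        for dep in walk(pkg, set()):
            rdeps[dep].add(pkg)
    return {pkg: len(rdeps[pkg]) for pkg in depends}


def may_enter_archive(package, verified_signers, depends=DEPENDS):
    """Return (accepted, reason). verified_signers lists maintainers whose
    signature over the source package was already checked cryptographically."""
    # Duplicates and unknown identities do not count towards the two signers.
    signers = sorted(set(verified_signers) & AFFILIATION.keys())
    if len(signers) < 2:
        return False, "needs signatures from at least two known maintainers"
    hairy = reverse_dep_counts(depends).get(package, 0) >= HAIRY_THRESHOLD
    if hairy or package in SECURITY_CENTRIC:
        # Independence is modelled here as "different affiliation" (assumption).
        if len({AFFILIATION[s] for s in signers}) < 2:
            return False, "sensitive package: signers must be independent"
    return True, "accepted"
```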

