List: debian-security
Subject: Re: Rebuilding packages on *all* architectures
From: martin f krafft <madduck () debian ! org>
Date: 2004-09-25 8:54:34
Message-ID: 20040925085434.GB11169 () fishbowl
thus spoke Russell Coker <russell@coker.com.au> [2004.09.24.1653 +0200]:
> But what if the source is modified? Taking over a DD's machine
> and modifying the source tree that is used to make the .diff.gz
> shouldn't be impossible. We don't have any source auditing
> processes that could deal with this.
Finding a security breach in the source is way easier than if it's
just present in the binary but has been cleaned from the source
subsequently. As I said, we won't manage to guard against all
security issues. However, we should guard against those where the
effort-effect ratio is low, and I think rebuilding binaries for all
arches is rather low effort.
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!