On Mon, Sep 24, 2007 at 06:20:40PM -0500, Manoj Srivastava wrote:
> On Tue, 25 Sep 2007 00:04:15 +0200, Martin Uecker <[EMAIL PROTECTED]> said:
>
> > It would be enough when just a few people are actually recompiling the
> > binaries and compare it to the official debian packages. Then
> > *everybody* could trust that the packages are not modified, because any
> > modification would be detected immediately. This is only possible with
> > bit-identical binaries.
>
> Err, what? Why would everyone do that? I mean, you do not trust
> the Debian distribution system, the archive gpg signatures, the md5sums
> on the package, etc, and yet you are willing to accept mails from
> other people that things are OK?

No. I would trust the binaries if there are *no mails* from other
people that things are *not ok*. Because everybody can check that
the binaries are not compromised, you can actually be quite sure
that things are ok, as long as nobody complains. And if doubts
come up, I can check myself. This is actually the same principle on
which science is built: falsifiability.

Compare this to the current system: The trustworthiness of *all*
DDs which maintain packages which are installed on my systems, the
security of *all* computers those DDs store their keys on, the
security of the build host, the gpg signatures and the md5sums
are actually a chain of trust where the weakest link determines
the total security.

Martin
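
The check discussed in this thread, sketched as an added example that is not part of the original messages: independent rebuilders compare the digest of their own build with the official binary, and any mismatch is a complaint. `toy_build` is a hypothetical stand-in for a real package build, and the rebuilder names and source bytes are constructed.

```python
import hashlib

SOURCE = b"hello-2.2 source tree"  # constructed sample input


def digest(artifact):
    """SHA-256 of a package's bytes; bit-identical builds give equal digests."""
    return hashlib.sha256(artifact).hexdigest()


def toy_build(source, build_time=None, extra=b""):
    """Hypothetical stand-in for a package build (not a real Debian tool).

    With build_time=None the output depends only on the source. Passing a
    build_time models a build that embeds a timestamp; extra models bytes
    added on a compromised build host or signing machine.
    """
    stamp = b"" if build_time is None else build_time.encode()
    return b"BIN|" + source + extra + b"|" + stamp


def audit(official, rebuilds):
    """Names of rebuilders whose output differs from the official binary."""
    want = digest(official)
    return sorted(n for n, blob in rebuilds.items() if digest(blob) != want)


def scenario(deterministic, tampered):
    """Build once 'officially' and on two independent rebuilders, then audit."""
    def when(ts):
        return None if deterministic else ts
    official = toy_build(SOURCE, when("2007-09-24T18:20"),
                         b"MODIFIED" if tampered else b"")
    rebuilds = {
        "rebuilder-a": toy_build(SOURCE, when("2007-09-25T00:04")),
        "rebuilder-b": toy_build(SOURCE, when("2007-09-25T09:30")),
    }
    return audit(official, rebuilds)


if __name__ == "__main__":
    for det in (True, False):
        for tam in (False, True):
            print("deterministic=%s tampered=%s complaints=%s"
                  % (det, tam, scenario(det, tam)))
```

With a deterministic build, silence from the rebuilders is meaningful and a modified official binary draws a complaint from each of them; with an embedded timestamp every rebuild differs, so a clean binary and a modified one are indistinguishable.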