Hi, On 16.10.2012 14:00, Russell Coker wrote: > There are a fairly small number of Debian servers. So even if the > probability > of system compromise for a Debian server was the same as for a laptop owned > by > a random DD the fact that DD workstations outnumber Debian servers by at > least > 200:1 makes them more of a risk.
Not a strong argument. The impact of a compromise of a buildd [or J Random Developer's machine running the buildd] is substantially higher given the compromise would affect 30k source packages, as opposed to [1, $whatever_gregoa_maintains_today[ of packages distributed amongst 950+ individual machines. Moreover, if you go down that path, you do not win anything of the state being, as an attacker can still make a sourceful upload which enters the archive unaudited as well. Not to say, throwing away binary packages would be a bad idea though. We just need someone to care enough to implement missing bits and find a way how to deal with arch:all. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D
signature.asc
Description: OpenPGP digital signature
