Kris Kennaway wrote:
> I'd be happy to work with someone who can implement a solution for the
> package side. The important thing to keep in mind is that packages
> are built automatically on many distributed machines. Any solution
> for signing packages would therefore need to also be automated,
> e.g. signing them automatically when the packages are pulled back from
> the build client to server.

Even before you get to that point, you have to worry about making sure that the build clients are secure. One possibility which worries me a great deal is that a trojan in the build code for a low-profile port (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to gain control of a build client (and then insert trojans into packages which are built there). Of course, there are some mechanisms which can be used -- for example, jails -- but I'm not willing to trust the security of every system which ever installs FreeBSD packages to the hope that nobody will ever find a security flaw which permits a jailbreak. Once Xen is more mature, I imagine that it will be very useful for performing such builds securely.

Colin Percival
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
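An added illustration, not code from the thread or from the FreeBSD package build system: a sketch of the server-side step Kris describes (sign each package automatically as it is pulled back from a build client), which also records which client produced each package so that, in the scenario Colin raises, everything built on a client later found to be compromised can be identified and pulled. It assumes the OpenSSL command-line tool; the key files, client names and package file are constructed for the demo.

```shell
#!/bin/sh
# Added example: sign packages on the server after pull-back and keep a
# manifest of "<sha256> <build client> <package>". Constructed demo data.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Hypothetical signing key generated on the fly for the demo. The private
# key lives only on the server and is never present on a build client.
gen_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/sign.key" 2>/dev/null
    openssl pkey -in "$WORK/sign.key" -pubout -out "$WORK/sign.pub" 2>/dev/null
}

# sign_package PKGFILE CLIENT: write a detached signature PKGFILE.sig and
# append the package's hash and originating build client to the manifest.
sign_package() {
    pkg=$1; client=$2
    sum=$(openssl dgst -sha256 -r "$pkg" | cut -d' ' -f1)
    openssl dgst -sha256 -sign "$WORK/sign.key" -out "$pkg.sig" "$pkg"
    printf '%s %s %s\n' "$sum" "$client" "$(basename "$pkg")" >> "$WORK/MANIFEST"
}

# verify_package PKGFILE: exit 0 only if the detached signature checks out
# against the public key; any modification after signing fails here.
verify_package() {
    openssl dgst -sha256 -verify "$WORK/sign.pub" \
        -signature "$1.sig" "$1" >/dev/null 2>&1
}

# packages_from_client CLIENT: list every package that client produced,
# which is what you would consult if that client were found compromised.
packages_from_client() {
    awk -v c="$1" '$2 == c { print $3 }' "$WORK/MANIFEST"
}

# Demo with a constructed file standing in for a real package archive.
gen_keys
printf 'constructed package contents\n' > "$WORK/demo-1.0.tbz"
sign_package "$WORK/demo-1.0.tbz" buildclient3
verify_package "$WORK/demo-1.0.tbz" && echo "demo-1.0.tbz: signature OK"
echo "built on buildclient3: $(packages_from_client buildclient3)"
```

Note that the signature only attests that the server saw this exact file; it says nothing about whether the build client that produced it was trustworthy, which is exactly the gap Colin points out.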