Mailinglist Archive: opensuse-buildservice (349 mails)

Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Aniruddha <mailing_list@xxxxxxxxx>
  • Date: Thu, 01 Nov 2007 09:33:40 +0100
  • Message-id: <1193906020.3576.139.camel@xxxxxxxxxxxx>

On Thu, 2007-11-01 at 09:03 +0100, Adrian Schröter wrote:
And you don't have to trust the packager, you trust the distribution and
its security policy. And don't forget packages pass many hands before
ending up in the stable tree. In Debian/Ubuntu it goes from Experimental
to Unstable to Testing to Stable. I can assure that when it arrives at
Stable you can trust it for 100%. Gentoo/FreeBSD is the same, they have
a very, very long testing period before new packages finally arrive in the
stable tree.

This is not true. You need to trust the packager is working according to the
policy, you need to trust that the packager has reviewed the new source
tarball and you need to trust that the original authors have not built in hidden
traps.

Good point I agree with you there. Although I consider chances that this
will happen rather slim.

Putting lots of packages into one large repo does not help you, as long as you
do not add extra review mechanisms. Which can't be that extensive, if you
increase the number of packages.

Since there are also different requirements (you want to be more careful on
your critical server than on your test systems) it is better to have multiple
repositories with different requirements for the trust and let the user
decide.

I am not sure I am getting your point.

Compare this to the openSUSE buildservice where everyone can get an
account, start a repo and wreak havoc because there aren't any safety
precautions.

Right, but only stuff in home:* can get added by them. So you are already one
step more secure when you do not use these repos.

Thank you. This is a very valuable lesson. What would be the best way to
communicate this to the user? And does this mean that the non home:*
are checked by openSUSE devs? Does this also include security fixes?

Since everything in the build service is free software you can always
check the source the packages are built from yourself if you wish, and
so can anyone else, which provides as much of a safeguard as possible.

This can be done for a few packages that you manually compile, however
openSUSE relies so heavily on the buildservice for functionality that it
becomes a daunting task to check all these packages yourself.

All packages checked into the main distro get a review. This is also the
reason why it takes some time until a new version appears there.

I think it would be best to enlarge the packages that belong in the main
distro. Since openSUSE became open source this really should be possible
(one team focus on packaging another one putting the packages together
for a new distro).

What is indeed missing is a peer review and rating system to help the users
to decide which repos to trust or not...

Does this have any chance to be implemented? I missed it on the
roadmap ;)

I personally consider this approach more secure than a one large repo where
everybody gets easily an account no one is really doing source reviews of new
submitted tarballs. On the other hand, our model still allows that new
packagers can start immediately and make their stuff available. It is up to
the user to install it or not. (and keep in mind that downloading the source
and install yourself is maybe even more unsecure, because there is not even a
packager review).


You're right about that. I do think that with some improvements we can
greatly improve the security of the build service:

- Make it more difficult to add home:* repositories
- Add some kind of review and comments section to value to repositories.

How should we proceed to make this happen?


Thanks for addressing all my questions and for your constructive answers.


--
Regards,

Aniruddha

Please adhere to the OpenSUSE_mailing_list_netiquette
http://en.opensuse.org/OpenSUSE_mailing_list_netiquette
