Mailinglist Archive: opensuse-buildservice (349 mails)

Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Aniruddha <mailing_list@xxxxxxxxx>
  • Date: Thu, 01 Nov 2007 15:06:39 +0100
  • Message-id: <1193925999.3576.190.camel@xxxxxxxxxxxx>
On Thu, 2007-11-01 at 11:33 +0100, Guenter Dannoritzer wrote:
> Aniruddha wrote:
> > On Thu, 2007-11-01 at 00:39 +0100, Guenter Dannoritzer wrote:
> [...]
> > > Would you trust a software, that you compile yourself from source on
> > > your computer, more than a RPM package of that software that you got
> > > from the build service? How would you tell that the source does not
> > > contain malicious parts?
> >
> > In Gentoo/FreeBSD/Debian/Ubuntu/ you don't have to worry about that since
> > the maintainer of that package checks this for you.
> >
> > Apparently in openSuSE there is no such safety precaution.
>
> It appears to me that you are not worried about security, but driven by
> affection to certain distributions.

Of course this isn't a valid argument. Even if I am 'driven by affection
to certain distributions' this has no effect on the validity of my arguments.

Nonetheless I will address your argument. I do think that Debian (Etch)
is completely unusable because of its inconsistent and buggy nature. I
think that FreeBSD is great for servers but unusable for desktop (try
upgrading xorg and you're in for a day's work). Gentoo is fine but only
useful for absolute beginners (who don't want to install software
themselves) or for expert users.

> I could argue that I do not trust any of the distributions you just
> named, because none of their developers is accountable to any
> organization. In contrast the core developers of openSUSE are employees
> and accountable to their company.
>
> If you are really concerned about security you have to go the whole way.
> The first step is to make sure the source is clean. Then check that the
> build was done with that clean source and not manipulated. Finally that
> the package you are installing is really the one that got built with the
> build service.

That's what the package maintainers do.



--
Regards,

Aniruddha

Please adhere to the OpenSUSE_mailing_list_netiquette
http://en.opensuse.org/OpenSUSE_mailing_list_netiquette

