Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Aniruddha <mailing_list@xxxxxxxxx>
  • Date: Thu, 01 Nov 2007 15:17:21 +0100
  • Message-id: <1193926641.3576.202.camel@xxxxxxxxxxxx>

On Thu, 2007-11-01 at 11:50 +0100, Guenter Dannoritzer wrote:
Aniruddha wrote:

[...]

I think it would be best to enlarge the packages that belong in the main
distro. Since openSUSE became open source this really should be possible
(one team focus on packaging another one putting the packages together
for a new distro).

No way. Now you are digging the security hole. What you have now is a
fairly secure distribution with a set of core packages. Every repository
you add from the build service is up to your trust.

Again it's impossible to tell if you can trust some *home repo. Off course I
trust
the build service repo's as wel packman repo's. For me this isn't a
problem but for other users it might be. Let's for example take an
executive that uses it's laptop to work at home, listen to mp3's and
watch dvd's. His laptop contains sensitive data. To be 100% secure
either:

-He ends up with 'barenaked version' on which he only can work.
-Adds some trusted repositories (buildservice, packman) to get
additional functionality

It would not be advisable for him to use openSUSE buildservice and it's
1-Click install service.

I see that as a security policy. The big point is that I trust the core
distribution. If you now add more packages to the core distribution, it
will suffer in quality and security unless you increase the core team to
handle the increased number of packages.

Since openSUSE is opensourced that would be the way to go (attract more
devs & support more packages)

Instead it would be rather good to add some review policy for the build
service, independent of the core distribution. That review team would
give some quality and security certificates to packages.


That would be a great step forward.


--
Regards,

Aniruddha

Please adhere to the OpenSUSE_mailing_list_netiquette
http://en.opensuse.org/OpenSUSE_mailing_list_netiquette


---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
List Navigation