
On Thu, 2007-11-01 at 15:41 +0100, Dirk Stoecker wrote:
On Thu, 1 Nov 2007, Aniruddha wrote:
On Thu, 2007-11-01 at 11:33 +0100, Guenter Dannoritzer wrote:
In Gentoo/FreeBSD/Debian/Ubuntu/ you don't have to worry about that since the maintainer of that package checks this for you.
Apparently in openSuSE there is no such safety precaution.
It appears to me that you are not worried about security, but driven by affection for certain distributions.
Of course this isn't a valid argument. Even if I am 'driven by affection for certain distributions' this has no effect on the validity of my arguments.
No. None of the distributions you mention has a way to prevent the basic idea, that you need to trust somebody (and this multiple somebodies).
Some years ago I became maintainer of the "pavuk" package. I did major changes in the source code which resulted in a nearly 100% code reworking. Now my pavuk version is in all the major packages (Debian, BSD, SUSE, ...). If I had included a malicious tool, the chances to detect it are very low unless you are highly experienced and I'm too dumb to write such code (as I've been programming for nearly 20 years now, already wrote virus checkers and analyzed viruses and have been doing network programming for 10 years now, I doubt that).
So when using pavuk, you need first to trust me. There are probably 3 to 5 people in the world who did have a deeper look at the source code. Probably 2 of them still are active (one of them am I).
Next you need to trust the package maintainers. E.g. for Debian Petr Czech is probably the only one caring for it. He has little time and for sure does not look at the code I change. Nobody else at Debian looks at the stuff I think. If he would add a security hack, the chances would be very high that nobody could detect it (at least for a long time). So you need to trust him also, when you use pavuk.
And when you install it, you probably do not even know, that you need to trust me, him and all the previous pavuk authors (and also the server maintainers, the build server maintainers and lots of other people).
So the idea you describe will only work for commercial companies and also only for a small number of packages and also only to some extent (full code reviews are much too expensive).
The way openSUSE is going now (individual keys, a network of trust, ...) is the best possible solution, as it's the only working way.
Thanks for replying, you brought some interesting points from an inside perspective :). As stated in my previous mail I think the biggest problem is with the home:* repos. How can we ensure security for these?
Some suggestions I got when writing this.
3) A malware code scanner could be introduced, which from time to time scans all the build-service stuff and searches for code which is known to be malware (rootkits, ...)
This would be great. I already contacted several vendors to ask if they provide malware protection (specifically rootkits).
OSS
Clamav: only viruses
Commercial - gratis
f-prot ( http://www.f-prot.com/products/home_use/linux/ ): Might work against rootkits. I'll contact them.
Commercial
Kaspersky ( http://www.kaspersky.com/anti-virus_linux_workstation#av ): Contacted them several weeks ago, still no response
--
Regards,
Aniruddha
Please adhere to the OpenSUSE_mailing_list_netiquette http://en.opensuse.org/OpenSUSE_mailing_list_netiquette