On Thu, 1 Nov 2007, Aniruddha wrote:
> On Thu, 2007-11-01 at 11:33 +0100, Guenter Dannoritzer wrote:
> > > Gentoo/FreeBSD/Debian/Ubuntu/ you don't have to worry about that, since
> > > the maintainer of that package checks this for you.
> > > Apparently in openSuSE there is no such safety precaution.
> > It appears to me that you are not worried about security, but driven by
> > affection for certain distributions.
> Of course this isn't a valid argument. Even if I am 'driven by affection
> for certain distributions', this has no effect on the validity of my arguments.
No. None of the distributions you mention has a way around the basic
issue: that you need to trust somebody (and in fact multiple somebodies).
Some years ago I became maintainer of the "pavuk" package. I
made major changes to the source code, which resulted in a nearly 100%
rework of the code. Now my pavuk version is in all the major packages (Debian, BSD,
SUSE, ...). If I had included a malicious tool, the chances of detecting
it would be very low, unless you are highly experienced and I'm too dumb
to write such code (as I have been programming for nearly 20 years now, have already
written virus checkers and analyzed viruses, and have been doing network programming
for 10 years now, I doubt that).
So when using pavuk, you first need to trust me. There are probably 3 to 5
people in the world who have had a deeper look at the source code.
Probably 2 of them are still active (one of them being me).
Next you need to trust the package maintainers. E.g. for Debian, Petr Czech
is probably the only one caring for it. He has little time and for
sure does not look at the code I change. Nobody else at Debian looks at
the stuff, I think. If he added a security hack, the chances would be
very high that nobody could detect it (at least for a long time). So you need
to trust him as well when you use pavuk.
And when you install it, you probably do not even know that you need to
trust me, him and all the previous pavuk authors (and also the server
maintainers, the build server maintainers and lots of other people).
So the idea you describe will only work for commercial companies, and also
only for a small number of packages, and also only to some extent (full
code reviews are much too expensive).
The way openSUSE is going now (individual keys, a network of trust, ...)
is the best possible solution, as it's the only working way.
Some suggestions that occurred to me while writing this:
1) Is it possible to view the packages' source files from the point of view of
non-registered users? If not, this should be possible.
2) I would like a "package is downloaded unmodified from xxx" flag for the
3) A malware code scanner could be introduced, which from time to time
scans all the build-service stuff and searches for code which is known to
be malware (rootkits, ...).
(PGP key available)