Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
[opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Guenter Dannoritzer <kratfkryksqq@xxxxxxxxxxxxx>
  • Date: Thu, 01 Nov 2007 15:29:04 +0100
  • Message-id: <fgcnrg$dil$1@xxxxxxxxxxxxx>
Aniruddha wrote:
On Thu, 2007-11-01 at 11:33 +0100, Guenter Dannoritzer wrote:
[...]

If you are really concerned about security you have to go the whole way.
The first step is to make sure the source is clean. Then check that the
build was done with that clean source and not manipulated. Finally that
the package you are installing is really the one that got build with the
build service.

That's what the package maintainers do.

First, what makes you trust a package maintainer from any other
distribution more than a package maintainer from openSUSE? Unless you
know a person personally I don't see any difference.

Second, I am questioning whether there is any package maintainer that
checks a software for malicious parts. There are people that check for
security breaches in software, but they are not necessarily package
maintainer. I would assume that the major time a package maintainer
spends in getting the software to build and fit into the distribution.

Guenter

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups