Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Aniruddha <mailing_list@xxxxxxxxx>
  • Date: Thu, 01 Nov 2007 18:25:02 +0100
  • Message-id: <1193937902.3576.278.camel@xxxxxxxxxxxx>
On Thu, 2007-11-01 at 10:36 -0600, Boyd Lynn Gerber wrote:
Off course it it is doable (see Debian/Gentoo/FreeBSD/Ubuntu) who
support up to 22000 packages. the only question is how ;)

Every Distribution/Unix/Linux variant has constraints. I have seen
exploits in all of them. Someone has to do the programming and checking.
There are not enought paid people on any of the Distribution or OS's to
really bring security to a C2 level(US). Novell/SUSE has done a lot in
getting security to a great level. Many of the packages in the 22000 have
not had a security audit. You still have to trust. I have worked with
the Devs on all the BSD variants. Just because they are in the
distribution does not make them more secure. I know. I have placed
reports and the authors have acknowlegded that no security audit has been
preformed. So please do not make general noise about how great the
security is. It is not there.

--
Boyd Gerber <gerberb@xxxxxxxxx>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx



Interesting view from the inside :). I can imagine that devs don't have
time for a full fledged security audit (reviewing all code manually).
And I don't think this is necessary, correct me if I am wrong. Are your
only experienced with 'BSD or also with Gentoo/Debian?

And again I don't have problems trusting repo's like openSUSE and
packman etc. It's impossible to tell if you can trust some *home repo
which concerns me.


--
Regards,

Aniruddha

Please adhere to the OpenSUSE_mailing_list_netiquette
http://en.opensuse.org/OpenSUSE_mailing_list_netiquette


---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups