Mailinglist Archive: opensuse-buildservice (349 mails)

Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Adrian Schröter <adrian@xxxxxxx>
  • Date: Sun, 4 Nov 2007 11:58:53 +0100
  • Message-id: <200711041158.53497.adrian@xxxxxxx>
On Thursday 01 November 2007 10:11:13 wrote Aniruddha:
On Thu, 2007-11-01 at 09:50 +0100, Adrian Schröter wrote:
I mean, each user has a different level of requirements. And he may even
decide differently for his different systems.

This makes it hard to define one level and one single policy for us at
openSUSE, since the result of the highest security requirement would be a
very small distro with not really up2date software versions.

There are two extremes, from "highest security needed" up to "I do not
care, it is just for test or I just want the latest version".

So we cannot define a single policy, but we can help the users to decide
themselves.

Isn't it possible to organize the buildservice around stability? That you
get a warning that "you are adding repositories from an 'unstable'
branch and is therefore untested"?

Hm, stability is a different topic IMHO. Because also very well trusted
packagers might package something unstable, just for testing.

We need a field to be specified by the package / project owner in which state
he considers his package ( something like: Alpha, Beta or Stable state )

...
I think it would be best to enlarge the packages that belong in the
main distro. Since openSUSE became open source this really should be
possible (one team focus on packaging another one putting the packages
together for a new distro).

This conflicts with high security requirements ...

For example, SLES (or most secure product) has only ~ 50% of the packages
of openSUSE. Simply because it is not doable to apply all required rules
for more packages.

Of course it is doable (see Debian/Gentoo/FreeBSD/Ubuntu) who
support up to 22000 packages. The only question is how ;)

I seriously doubt that they do this at the same level as we do. And they do not
have to, since there are no contracts with customers specifying this. Nor
does any EAL certification need to get fulfilled.

openSUSE distro has some lower requirements, but still more than any build
service project. So, if you can wait until a new version gets added there
this is the most secure way.

Unlike SLE and openSUSE, the build service repos just get a peer review
only. This means, if there is something evil, either the packager needs
to react after reporting (or we as admins, esp. if the packager is the
evil guy).

Are these procedures written down? I think this would be good way to
start.

Yes, but only Novell internally atm. We cannot open up these documents atm,
because they specify quite a lot of internal stuff, but the good thing is that
with accepting source contributions via the build service early next year,
this is not needed anymore :)

What is indeed missing is a peer review and rating system to help the
users to decide which repos to trust or not...

Does this have any chance to be implemented? I missed it on the
roadmap ;)

It was unfortunately not as important as other stuff listed there, so I
cannot promise any date right now.

However, if someone is willing to work on it, we will help him of course!

What kind of help are you looking for?

I think we look for people knowing or willing to learn ruby/rails and
improving the users.o.o (and later api.o.o and build.o.o) service for
allowing rating of people.

How should we proceed to make this happen?

We have a minimal base for the trust handling with our new user
directory. If someone wants to extend this, that users can be rated by
other users and that a certain trusted group is allowed to change user
trust leveling it would help a lot.

We can automatically show the level of trust for a project afterwards, if
we know how much we can trust the people with write access there.
(additionally they should be allowed to downgrade their project as well,
if they do not trust it much either, because they downloaded some
untrusted source ;)

So, if you would like to work on this, we are happy to help you. The
source is part of the opensuse svn on forge already and we can make a
(irc?) meeting where we discuss details and the design a bit more.

Does anyone have interest in this?

I certainly hope so! As I said I am not a programmer but I am willing to
help in any way I can to make the openSUSE buildservice more secure. An
irc meeting to discuss ideas and setup a plan would be a great start! :)

Anyone else interested?

Otherwise we can discuss this personally on IRC or via mail. But you would need
to become a programmer for this ;)

bye
adrian

--

Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@xxxxxxx
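
The trust handling proposed in this message (users rated by other users, a trusted group that sets trust levels, a project level derived from the people with write access, and owners downgrading their own project), as an added Ruby example that is not part of the original mail or of the build service code. The class names, the three level names and the weakest-link rule for a project are assumptions.

```ruby
LEVELS = %i[untrusted known trusted].freeze # assumed level names, ordered low to high

class TrustDirectory
  def initialize(trusted_group)
    @trusted_group = trusted_group
    @levels = Hash.new(:untrusted)            # unknown users start at the bottom
    @ratings = Hash.new { |h, k| h[k] = {} }  # user => { rater => score }
  end

  # Any user may rate another user; one rating per rater, self-rating rejected.
  def rate(by:, user:, score:)
    raise ArgumentError, 'score must be 1..5' unless (1..5).cover?(score)
    raise ArgumentError, 'self-rating is not allowed' if by == user
    @ratings[user][by] = score
  end

  def average_rating(user)
    scores = @ratings[user].values
    scores.empty? ? nil : scores.sum.to_f / scores.size
  end

  # Only the trusted group may turn ratings into an actual trust level.
  def set_level(by:, user:, level:)
    raise SecurityError, "#{by} may not change trust levels" unless @trusted_group.include?(by)
    raise ArgumentError, "unknown level #{level}" unless LEVELS.include?(level)
    @levels[user] = level
  end

  def level(user); @levels[user]; end
end

class Project
  def initialize(writers)
    raise ArgumentError, 'a project needs at least one writer' if writers.empty?
    @writers, @cap = writers, LEVELS.last
  end

  # Writers may lower the project's level (e.g. untrusted upstream source), never raise it.
  def downgrade(by:, level:)
    raise SecurityError, "#{by} has no write access" unless @writers.include?(by)
    raise ArgumentError, "unknown level #{level}" unless LEVELS.include?(level)
    @cap = level if LEVELS.index(level) < LEVELS.index(@cap)
  end

  # Assumed rule: a project is only as trusted as its least trusted writer, capped by any downgrade.
  def trust(directory)
    (@writers.map { |w| directory.level(w) } + [@cap]).min_by { |l| LEVELS.index(l) }
  end
end
```

Adding a single unrated account to a project's writers drops the whole project to `:untrusted`, which is the behaviour a repository warning would key on.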
