Re: Official Debian digital 'branding' of debs
Manoj Srivastava wrote:
> A build demaon is automatically insecure. (think about it --
> if putting a key on the machine is insecure, which you recognize, how
> is an automatic build suddenly secure?)
You seem to have missed the post a few days ago explaining how it was
handled. They autobuild, then transfer the .changes to their home machine
and sign it there.
(Yeah, there are still some security ramifications, like what if someone
installed a gcc that generates code with backdoors, on the autobuilder..)
--
see shy jo
Reply to: