Proposal: Discourage rpmbuild --sign
Rui Miguel Seabra
rms at 1407.org
Wed Dec 31 17:24:23 UTC 2003
On Wed, 2003-12-31 at 15:43, Michael Schwendt wrote:
> On Wed, 31 Dec 2003 02:42:28 -1000, Warren Togami wrote:
> > Proposal
> > ========
> > rpm-4.2.2 in rawhide and all future versions should discourage the use
> > of rpmbuild --sign. Perhaps this can be done effectively by adding a
> > large and annoying warning message and 15 second delay. Or disable it
> > completely. I don't care how, just discouragement should be done.
>
> This is an over-ambitious proposal. How do you want to prevent users from
> test-driving a built binary rpm with their normal user account where the
> malicious software has access to many other security relevant data?
> People don't build src.rpms for fun. They build them to install the built
> packages as root (!) and then to use them from within their normal user
> account.

He's talking about 'rpmbuild --sign zbr' and not 'rpmbuild zbr'.

The problem is well explained, and only those who don't believe a trojan
could be injected into apparently good source code (i.e., downloaded from
sf.net, for instance -- ever heard of DNS spoofs?) don't understand.

When I build RPMS for AbiWord, I build the RPMS with a specific user for
rpmbuilding, and sign the rpms afterward with my key, on my account.

Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html