Bojan Smojver wrote:
But what if
it is the src rpm that is compromised so the builds will be identical
because they both contain the modification?
That is not exactly the compromise of the build system and/or Fedora key, now is
it?
Is one significantly harder than the other? If it goes unnoticed the end
result could be the same.
If your own contributors are subverting the system by uploading borked
source, the mutli-key system isn't going to help (and I never claimed that).
I'm not proposing an intentional trojan source submission, but a
compromise that modifies it in an unexpected way. I'd think if you go to
the trouble to compare builds you'd also want an end-to-end validity
check on the input to be sure it wasn't compromised either at the source
or in transit.
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
