APT security and buildds

by Bastian Blank — last modified Jan 12, 2007 01:50 AM

Filed Under:

debian

For etch, we will have apt security in place, so we can be sure that the stuff comes from the correct archive. But it is not possible to disable that checks only for one source, just for anything.

Buildds uses at least one mirror: incoming.debian.org aka ftp-master.debian.org. There are two queues, the accepted autobuild queue and the main archive. The accepted autobuild queue is not signed at all, it does not provide a Release file. The archive needs some time to generate the Packages files each dinstall run and have broken sigs during this time.

This means: buildds can't use APT security at all. And no, there is no other mechanism to ensure data integrity.

Filed under: debian

Add comment

You can add a comment by filling out the form below. Plain text formatting. Web and email addresses are transformed into clickable links. Comments are moderated.

Name

Comment ■

Weblog Archive

2006

2007

2008

2009

2010
- August (1)

2011
- June (1)
- December (1)

Quills

Personal tools

Sections

APT security and buildds

2006

2007

2008

2009

2010

2011