Re: How secure is the openSUSE Build Service?
- From: Thomas <tom@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 12 Nov 2007 10:39:14 +0100
I think it is *not* less secure. In the case of OSS it doesn't matter
anymore. When you trust several thousands developers around the globe,
hundreds of CVS, SVN, rsync, FTP, HTTP servers used for development and
dozens of distribution then *one* additional layer in the distribution
process doesn't really matter.
It is a matter of trust and not a matter of security.
A matter of trust, not security?!?
That's the most bizarre thing I've heard this week, and it's been a very
strange week. Security is fundamentally about trust, from the very basis of
how we even attempt to build secure systems--cryptographic primitives such as
Ok, initially I did not want to go this far to avoid the discusions about
open-source software and commercial/closed-source software; but...
First I did not talk about technical trust.
We have two choices, the open-source operating system vendors/distributors like
*BSD, Red Hat, SUSE, etc. And on the other side you have commercial vendors like
IBM, Sun, Microsoft, Apple, ...
Some people dislike the policy of a commercial company or it's CxO's or fear
that the government has too much influence on that company. Other do not trust
these hobbyist from all around the globe, maybe some of them are from countries
that are in political/ethical/religious conflict with the country of the user.
Reasons for trust and the lack of it are manifold.
These creates a closed resp. complex situation that has many parts lying in the
dark and a user has to make a choice which is not completely based on facts
but on trust. Who do I trust, the business folks with their neckties and suites
or these guys with the long beards that listen to the same music as I do?
(That is what I meant with trust.)
Another part in this trust model is the crpyto. signature of the distributor,
say SUSE, that is added to each package they ship.
This enables you to verify the integrity of the way of transportation of the
software. This is a security measure because you do not trust the transit of
the packages and can technically verify it.
But this signature also implies that SUSE trusts the OSS developers otherwise
they would not sign their code.
This signature from SUSE or the 3rd party repo.s did not guarantee that the code
that is installed on your system has no backdoors or security bugs. On the other
side developers payed by a company do also not guarantee flawless (neither by
accident or by intention) code.
Did this make the difference clear I want to show?
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF
- Prev by Date: Re: How secure is the openSUSE Build Service?
- Next by Date: important errors to control with swatch
- Previous by thread: Re: How secure is the openSUSE Build Service?
- Next by thread: Re: How secure is the openSUSE Build Service?