Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > linux.debian.vote > #4551

Re: Security review of tag2upload

From Gunnar Wolf <gwolf@debian.org>
Newsgroups linux.debian.vote
Subject Re: Security review of tag2upload
Date 2024-06-16 09:00 +0200
Message-ID <IPS1P-3hLR-5@gated-at.bofh.it> (permalink)
References <IOl7X-2gWq-1@gated-at.bofh.it> <IPOrf-3fLN-1@gated-at.bofh.it> <IPRS9-3hIr-1@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

Russ Allbery dijo [Sat, Jun 15, 2024 at 11:44:35PM -0700]:
> A tag2upload server compromise is fairly serious.  A compromise of any of
> tag2upload, dak, or the buildds have roughly equally serious potential
> impact on the archive as far as I can tell, although the details differ.
> In all three cases, you need reproducible builds to reliably detect the
> compromise, although in the tag2upload case you only need reproducible
> source builds for the specific set of source transformations that
> tag2upload is willing to perform, which I believe is a much easier problem
> than the reproducible binary builds required to detect buildd or dak
> compromises.  dak, uniquely, can meddle with either source *or* binary
> packages, but dak meddling with source packages will break the signatures
> on those packages, so is somewhat easier to detect than dak meddling with
> binary packages.

This paragraph can even enable what could amount to an interesting
synergy.

More than one tag2upload instance can be set up. Due to its
architecture, they can be non-internet-accessible systems (naturally,
they will require to _access_ the network, or at least Salsa). This
can be paired with the requirement that all uploads made via
tag2upload are reproducible.

Because, if they are, dak can be made to take a tag2upload-provided
package as valid only if two identical packages are presented, built
by at least two independent tag2upload instances.

Back to linux.debian.vote | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-12 03:40 +0200
  Re: Security review of tag2upload Antoine Beaupré <anarcat@debian.org> - 2024-06-12 19:20 +0200
    Re: Security review of tag2upload Simon McVittie <smcv@debian.org> - 2024-06-12 20:00 +0200
      Re: Security review of tag2upload Sam Hartman <hartmans@debian.org> - 2024-06-12 21:50 +0200
    Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-12 20:30 +0200
  Re: Security review of tag2upload Simon Josefsson <simon@josefsson.org> - 2024-06-13 16:00 +0200
    Re: Security review of tag2upload Simon Richter <sjr@debian.org> - 2024-06-13 16:10 +0200
      Re: Security review of tag2upload Simon Josefsson <simon@josefsson.org> - 2024-06-13 17:00 +0200
    Re: Security review of tag2upload Marco d'Itri <md@Linux.IT> - 2024-06-13 18:40 +0200
      Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-13 20:00 +0200
        Re: Security review of tag2upload Sam Hartman <hartmans@debian.org> - 2024-06-13 23:00 +0200
          Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-16 18:40 +0200
            Re: Security review of tag2upload Sam Hartman <hartmans@debian.org> - 2024-06-16 23:30 +0200
              Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-24 20:30 +0200
    Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-13 21:00 +0200
      Re: Security review of tag2upload [transfer.fsckObjects] Simon Josefsson <simon@josefsson.org> - 2024-06-14 00:00 +0200
        Re: Security review of tag2upload [transfer.fsckObjects] Russ Allbery <rra@debian.org> - 2024-06-14 00:50 +0200
          Re: Security review of tag2upload [transfer.fsckObjects] Russ Allbery <rra@debian.org> - 2024-06-14 01:00 +0200
  Re: Security review of tag2upload Scott Kitterman <debian@kitterman.com> - 2024-06-16 05:10 +0200
    Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-16 08:50 +0200
      Re: Security review of tag2upload Gunnar Wolf <gwolf@debian.org> - 2024-06-16 09:00 +0200
      Re: Security review of tag2upload Scott Kitterman <debian@kitterman.com> - 2024-06-16 12:50 +0200
        Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-16 18:10 +0200
          Re: Security review of tag2upload Scott Kitterman <debian@kitterman.com> - 2024-06-16 18:20 +0200
            Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-16 18:50 +0200
              Re: Security review of tag2upload Scott Kitterman <debian@kitterman.com> - 2024-06-16 19:10 +0200
                Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-16 20:30 +0200
                Re: Security review of tag2upload Scott Kitterman <debian@kitterman.com> - 2024-06-16 21:20 +0200
                Re: Security review of tag2upload Matthias Urlichs <matthias@urlichs.de> - 2024-06-16 22:00 +0200
                Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-16 22:10 +0200
                Re: Security review of tag2upload Scott Kitterman <debian@kitterman.com> - 2024-06-17 06:40 +0200
                Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-17 07:30 +0200
                Re: Security review of tag2upload Scott Kitterman <debian@kitterman.com> - 2024-06-17 07:50 +0200
                Re: Security review of tag2upload Louis-Philippe Véronneau <pollo@debian.org> - 2024-06-17 07:50 +0200
                Re: Security review of tag2upload Louis-Philippe Véronneau <pollo@debian.org> - 2024-06-17 08:20 +0200
                Re: Security review of tag2upload Jonas Smedegaard <jonas@jones.dk> - 2024-06-17 08:20 +0200
                Re: Security review of tag2upload Matthias Urlichs <matthias@urlichs.de> - 2024-06-17 09:40 +0200
                Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-17 17:40 +0200
                Re: Security review of tag2upload Aigars Mahinovs <aigarius@debian.org> - 2024-06-17 12:50 +0200
              Re: Security review of tag2upload Simon Josefsson <simon@josefsson.org> - 2024-06-17 11:00 +0200
                Re: Security review of tag2upload Brian May <bam@debian.org> - 2024-06-17 12:40 +0200
                Re: Security review of tag2upload Simon Josefsson <simon@josefsson.org> - 2024-06-17 13:30 +0200
                Re: Security review of tag2upload Matthias Urlichs <matthias@urlichs.de> - 2024-06-17 13:30 +0200
                Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-17 17:30 +0200
              Re: Security review of tag2upload Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-17 13:40 +0200
            Re: Security review of tag2upload Stefano Rivera <stefanor@debian.org> - 2024-06-16 19:30 +0200
          Re: Security review of tag2upload Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-17 13:30 +0200
  Re: Security review of tag2upload HW42 <hw42@ipsumj.de> - 2024-06-25 01:10 +0200
    Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-25 02:10 +0200
      Re: Security review of tag2upload Russ Allbery <rra@debian.org> - 2024-06-25 03:40 +0200
        Re: Security review of tag2upload Salvo Tomaselli <tiposchi@tiscali.it> - 2024-06-26 09:30 +0200
          Re: Security review of tag2upload Jonas Smedegaard <jonas@jones.dk> - 2024-06-26 09:50 +0200
            Re: Security review of tag2upload Salvo Tomaselli <tiposchi@tiscali.it> - 2024-06-26 10:40 +0200
              Re: Security review of tag2upload Jonas Smedegaard <jonas@jones.dk> - 2024-06-26 12:40 +0200
    Re: Security review of tag2upload Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-25 11:30 +0200
    Re: Security review of tag2upload Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 12:10 +0200

csiph-web