[CentOS] EL 6 rollout strategies? (Scientific Linux)

Mon May 16 19:46:38 UTC 2011
Les Mikesell <lesmikesell at gmail.com>

On 5/16/2011 1:43 PM, John R Pierce wrote:
> On 05/16/11 11:24 AM, Les Mikesell wrote:
>> it is somewhat unsettling to think that the
>> project itself considers that to be a problem.
>
> consider what might happen if a core build server for a project as
> widely used as centos gets penetrated and carefully targeted to slip
> trojans unnoticed into the final product....  this would be a holy grail
> to the sort of international espionage that is taking place today.
>
> be scared, be very scared.

Yes, but assuming they eat their own dog food and are running the same 
thing we are, if their servers are penetrated, yours will be too even 
before whatever they are building ships.  And it is something that 
Debian seems to be able to handle.  In any case, with full automation it 
would be easy enough to duplicate the final build on a trusted server 
and compare the results before distribution.  Or for someone else to do 
it to verify from an outside perspective.

-- 
   Les Mikesell
    lesmikesell at gmail.com
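
The rebuild-and-compare check suggested in the message above, as an added example that is not part of the original post or of any CentOS tooling: it hashes every file in the distributed build tree and in an independent rebuild, and blocks release on any difference. It assumes the build is bit-for-bit deterministic (embedded timestamps or package signatures would have to be normalized first); the directory layout, file names, and function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def digest_tree(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests

def compare_builds(official, rebuild):
    """Return artifacts that differ, or that exist on only one side."""
    a, b = digest_tree(official), digest_tree(rebuild)
    return {
        "mismatch": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_official": sorted(a.keys() - b.keys()),
        "only_rebuild": sorted(b.keys() - a.keys()),
    }

def release_ok(report):
    """Gate distribution: any difference at all blocks the release."""
    return not any(report.values())

def demo():
    """Constructed sample: two tiny trees standing in for build output."""
    with tempfile.TemporaryDirectory() as tmp:
        official, rebuild = Path(tmp, "official"), Path(tmp, "rebuild")
        for d in (official, rebuild):
            (d / "RPMS").mkdir(parents=True)
            (d / "RPMS" / "foo.rpm").write_bytes(b"identical payload")
        (official / "RPMS" / "bar.rpm").write_bytes(b"payload A")
        (rebuild / "RPMS" / "bar.rpm").write_bytes(b"payload B")
        (official / "RPMS" / "extra.rpm").write_bytes(b"unexpected")
        return compare_builds(official, rebuild)

if __name__ == "__main__":
    report = demo()
    print(report, "release_ok =", release_ok(report))
```

A file present only in the distributed tree is reported separately from a content mismatch, since an artifact the trusted rebuild never produced is as much a warning sign as a modified one.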