From: David Holland <dholland-pkgtech%netbsd.org@localhost>
Subject: Re: Updating plans of lang/ghc
Date: Thu, 9 Jan 2014 19:24:34 +0000

> > Well... I'm puzzled. Are you saying I have to prove that machines I
> > used to build my kits were not trojanized by any means? Obviously I
> > can't. No one on the earth can prove such things.
>
> No, only that you've taken reasonable (or equivalently, adequately
> paranoid) steps to be careful about securing the machines involved and
> not exposed the builds to known hazards.
>
> (Cloud hosting is one known hazard, for example, that's probably best
> avoided for any binaries like this.)

Okay. Here's an updated summary of my bootstrap kits:

* NetBSD/amd64, FreeBSD/i386, Darwin/ppc [SAFE]:
  These kits were built on my secured private machines under my
  exclusive control.

* Linux/amd64 [UNSAFE]:
  I built my kit for this one on a machine shared with my co-workers
  with root access.

* NetBSD/i386 [UNSAFE]:
  I built my kit for this one on an Amazon EC2 instance (although
  it's private).

_______________________________________________________
 - PHO - http://cielonegro.org/
OpenPGP public key: 1024D/1A86EF72
Fpr: 5F3E 5B5F 535C CE27 8254 4D1A 14E7 9CA7 1A86 EF72
Attachment:
pgp07siwZF9mT.pgp
Description: PGP signature