Package: buildd.debian.org
Tags: security

Hi,

A long-standing issue is that everything that ends up in the mailbox of someone signing buildd logs is usually not authenticated in any way, and it's open to man-in-the-middle attacks.

I can see several options, but I think the best solution is one where only the sending and receiving parts of the email need a change, and not all MTAs in between too, and that probably involves changing the message context.

One option I thought about was to sign the .changes part of the with a key. This would involve every buildd creating a key, and all people that get logs, including the security team, need to get the public key so they can check it.

But another option is to use something like DKIM that basically does the same and uses DNS to distribute the public key. Things like spamassassin can check the DKIM signatures, but I don't think there is currently a way to say the message needs to be signed, but I guess you can use procmail to check for the DKIM_SIGNED status.

What do you people think?

Kurt
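
The receiving-side check discussed in the message above, sketched as an added example that is not part of the original report: a filter that a delivery rule could call to require a validated DKIM signature before a buildd log is accepted. It gates on SpamAssassin's `DKIM_VALID_AU` rule rather than `DKIM_SIGNED`, because `DKIM_SIGNED` only records that a signature is present, not that it verified. Assumptions: the `X-Spam-Status` header was written by the recipient's own SpamAssassin with the DKIM plugin enabled, `buildd.example.org` is a placeholder sender domain, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXPECTED = "buildd.example.org"  # placeholder sender domain (assumption)

def spamassassin_tests(msg):
    """Rule names from the single X-Spam-Status header, or None if unusable."""
    headers = msg.get_all("X-Spam-Status") or []
    if len(headers) != 1:  # missing or duplicated header: do not trust it
        return None
    # SpamAssassin folds the tests= list after commas, so allow whitespace there.
    m = re.search(r"\btests=((?:\w+,\s*)*\w+)", headers[0])
    return {t.strip() for t in m.group(1).split(",")} if m else None

def dkim_gate(raw, expected_domain=EXPECTED):
    """Return 'accept' or 'reject: <reason>' for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    tests = spamassassin_tests(msg)
    if tests is None:
        return "reject: no usable X-Spam-Status"
    froms = msg.get_all("From") or []
    if len(froms) != 1:
        return "reject: ambiguous From"
    domain = parseaddr(froms[0])[1].rpartition("@")[2].lower()
    if domain != expected_domain:
        return "reject: unexpected sender domain"
    # DKIM_VALID_AU: a signature verified AND it belongs to the From: domain.
    if "DKIM_VALID_AU" not in tests:
        return "reject: no valid author-domain DKIM signature"
    return "accept"

def sample(tests, sender="buildd@" + EXPECTED):
    """Constructed message carrying the given SpamAssassin test list."""
    return (f"From: {sender}\nSubject: Log for successful build (constructed)\n"
            f"X-Spam-Status: No, score=0.0 required=5.0 tests={tests} autolearn=no\n"
            "\nbody\n")

if __name__ == "__main__":
    for tests in ("DKIM_SIGNED,DKIM_VALID,\n\tDKIM_VALID_AU",  # folded header
                  "DKIM_SIGNED,DKIM_INVALID",
                  "DKIM_SIGNED",
                  "none"):
        print(repr(tests), "->", dkim_gate(sample(tests)))
```

A non-`accept` result is what the delivery rule would use to divert the mail away from the log-signing mailbox.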