[Reproducible-builds] concrete steps for improving apt downloading security and privacy
Jérémy Bobbio
lunar at debian.org
Fri Sep 19 22:25:15 UTC 2014
Hans-Christoph Steiner:
> I still strongly disagree. Very very few people care enough to learn a
> separate process. For security to be usable, it needs to be as transparent
> and automatic as possible. APKs and Android have demonstrated that you can
> have this kind of system working well.
Comparing .deb and APKs is misleading when talking of tools. A given
.deb will have dependencies. APKs are self-contained.
This makes `.deb` hard to use without a repository for anything
substantial. I would assume that's why Ubuntu developed the Click
package format.
> They've made the whole process easier by requiring the upstream
> developer be the manager of the signing. I think setting up a similar
> role in Debian will be quite beneficial, and dak and the package
> maintainer are natural roles to be the signer.
With the current .buildinfo signing scheme, we require the Debian
maintainer to provide a package that can be built reproducibly. Then we
can require a proof of that reproducibility from the maintainer, any
other maintainers, and any number of buildds. These assessments that a
build can be properly reproduced can come after the initial upload. We
can only do that if the .deb files do not change after they hit the
archive.
--
Lunar                                .''`.
lunar at debian.org                 : :Ⓐ  :  # apt-get install anarchism
                                    `. `'`
                                      `-
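As an added illustration of the scheme sketched in this reply (example code, not from the thread or from Debian's dak/buildd tooling): each .buildinfo is treated as one signer's attestation of the .deb checksums, and a .deb only counts as reproduced while the bytes in the archive still match enough independent attestations. It assumes the OpenPGP signatures were verified beforehand and uses a hypothetical `Signed-By:` line to carry the signer's name; the records and digests are constructed.

```python
from collections import defaultdict

def parse_buildinfo(text):
    """Return (signer, {filename: sha256}) from one .buildinfo body."""
    signer, sums, in_sums = "", {}, False
    for line in text.splitlines():
        if line.startswith("Signed-By:"):  # hypothetical stand-in for the verified OpenPGP signer
            signer = line.split(":", 1)[1].strip()
        if line.startswith("Checksums-Sha256:"):  # real layout: ' <sha256> <size> <filename>'
            in_sums = True
            continue
        if in_sums and line.startswith(" "):
            digest, _size, name = line.split()
            sums[name] = digest
        else:
            in_sums = False
    return signer, sums

def assess(archive_sha256, buildinfos, min_signers=2):
    """Classify each archived .deb by how many distinct signers attested to the
    exact bytes the archive serves today: 'reproduced' (>= min_signers match),
    'insufficient' (some match, too few), 'mismatch' (attestations exist but
    none match: the .deb changed after upload, or no rebuild agrees with it),
    'unattested' (no .buildinfo mentions the file)."""
    claims = defaultdict(lambda: defaultdict(set))  # filename -> digest -> signers
    for text in buildinfos:
        signer, sums = parse_buildinfo(text)
        for name, digest in sums.items():
            claims[name][digest].add(signer)
    verdict = {}
    for name, digest in archive_sha256.items():
        signers = claims[name].get(digest, set()) if name in claims else set()
        if len(signers) >= min_signers:
            verdict[name] = "reproduced"
        elif signers:
            verdict[name] = "insufficient"
        elif name in claims:
            verdict[name] = "mismatch"
        else:
            verdict[name] = "unattested"
    return verdict

# Constructed sample data; digests are shortened placeholders, not real hashes.
ARCHIVE = {"hello_1.0_amd64.deb": "a1f3", "world_1.0_amd64.deb": "77e0",
           "quux_2.1_amd64.deb": "0c9d"}
BUILDINFOS = [
    "Source: hello\nSigned-By: maintainer\nChecksums-Sha256:\n a1f3 1234 hello_1.0_amd64.deb\n",
    "Source: hello\nSigned-By: buildd-1\nChecksums-Sha256:\n a1f3 1234 hello_1.0_amd64.deb\n",
    "Source: world\nSigned-By: maintainer\nChecksums-Sha256:\n 5b5b 999 world_1.0_amd64.deb\n",
]
```

Raising `min_signers` is how one would demand more buildds agree before a package is called reproduced; the "mismatch" verdict is the case the reply warns about, where the archive's bytes no longer correspond to any published attestation.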