5 comments

[ 3.0 ms ] story [ 25.1 ms ] thread
It's amazing that there is so much trust put into WordPress's security.

Reading about how WordPress updates can be used to compromise websites got me thinking; does anyone know how people ensure that Canonical won't push out a signed update that installs a backdoor to their servers?

This seems like it would be very tedious to do (recompiling and checking they're the same), but also more and more important now that major governments have shown their willingness to force companies to betray their customers.

If the open source nature of Canonical stops it from being able to push out poisoned updates (I suppose all mirrors compile stuff themselves and verify against a hash so it would be found out quick), how would one deal with securing non open source software stuff like Windows? Do you just not trust any machine (virtual or not) in your server farm running Windows?

Ubuntu mirrors don't compile their own packages, they just pull from Canonical.
Debian's reproducible builds would allow allow anyone to grab the source to a package and build it the same way as Debian does, and get matching builds. This would allow a Debian mirror to host self-built but binary matching packages. Not sure if these kind of mirrors exist.
This one off the reasons why Debian (and others) are working hard on reproducible builds.

That would allow you pull the source code and rebuild a package to check it matches the official one, theoretically you could setup build mirrors and match them automatically against what the Debian mirrors are serving.