launchpad-dev team mailing list archive

[Jonathan Lange <jml@xxxxxxxxxxxxx>]

On Sat, Mar 13, 2010 at 10:24 AM, Jeroen Vermeulen <jtv@xxxxxxxxxxxxx> wrote:
> I've just been discussing something with wgrant that has been bothering both
> of us.
>
...
> We can't be sure, but we think the cross-check may have started out as an
> extra protection against compromised slaves trying to confuse the buildd
> master.
...
> If we ever decide that we need seriously unpredictable ids
...
>
> Then again, maybe we don't need a cookie at all and that would be even
> easier.
>
> Any comments?  Jeers?  Cheers?  Beers..?
>

The plan sounds good to me. It seems that you are missing key
information on what the actual threats and security requirements are.
I don't want to block what seems to be a useful simplifying change,
but were I you I'd consult James Troup, LaMont Jones or do some threat
analysis.

jml