Re: leaks in our only-signed-software fortress

To: debian-devel@lists.debian.org
Subject: Re: leaks in our only-signed-software fortress
From: Teus Benschop <teusjannette@gmail.com>
Date: Sat, 18 Feb 2012 09:11:17 +0100
Message-id: <[🔎] 4F3F5D25.3000502@gmail.com>
In-reply-to: <[🔎] 0763775752c72b696283491568e04907@scientia.net>
References: <[🔎] 0763775752c72b696283491568e04907@scientia.net>

To put things in perspective, I just wonder how strong this 'fortress'
really is, and whether this strength is only in our perception or
whether it is real. Let me give just one example: A developer downloads
a tarball from an upstream source, configures it, and does make install,
yet has not even once checked whether this tarball is secure or is not a
root kit. Teus.

Reply to:

Follow-Ups:
- Re: leaks in our only-signed-software fortress
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: leaks in our only-signed-software fortress
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- leaks in our only-signed-software fortress
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: leaks in our only-signed-software fortress
Next by Date: Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]
Previous by thread: leaks in our only-signed-software fortress
Next by thread: Re: leaks in our only-signed-software fortress
Index(es):
- Date
- Thread