Re: Lotus notes oamd64?
On Sat, Sep 18, 2010 at 10:34 AM, Robert Isaac <firstname.lastname@example.org> wrote:
>>> I'm afraid it's not possible, as Lotus Notes is a non-free
>>> email/collaboration suite from IBM:
>> If the Source Code is not available then that is surely, in and of itself, a
>> good enough reason to run it inside a chroot -- that way, it can't get at
>> anything it's not supposed to.
> Are you implying that IBM is distributing malicious code?
No need to attribute anything to malice...
Plenty of undesirable things can occur if software makes undeclared assumptions.
"Undeclared assumptions" are sure to exist in enormous quantity in
such proprietary software.
Notes contains data synchronization functionality, which means it'll
be in the habit of copying and/or removing data. Since they're using
proprietary mechanisms (some of which might conceivably even be clever
/ "patentable"), the results will be anything *but* transparent. And
there's surely some risk of stuff (can't be completely certain where,
due to those "undeclared assumptions") getting overwritten.
On the more paranoid side, Notes includes crypto bits, and there's
some history of BigAmericanCos having hooks for No Such Agencies and
Rather worse, there's the possibility that they might leave hooks in
to enable remote shutdown. "Ooh... License ran out. Encrypt/Purge
data." Someone might have *experimented* with this in a dev tree, and
code might have stayed in the build. "Undeclared assumptions," again.
There's not strong reason to truly expect huge problems of these
sorts, but if a chroot's easy to throw on, it's not a bad idea to do
Saves the potential of all sorts of mistakes going bad.