Re: Packages removed from frozen

To: Nils Jeppe <nils@jeppe.de>
Cc: debian-devel@lists.debian.org
Subject: Re: Packages removed from frozen
From: Antti-Juhani Kaijanaho <gaia@iki.fi>
Date: Wed, 9 Feb 2000 23:06:12 +0200
Message-id: <20000209230611.F22607@gaia.pp.sci.fi>
Mail-followup-to: Nils Jeppe <nils@jeppe.de>, debian-devel@lists.debian.org
In-reply-to: <Pine.LNX.4.20.0002091308250.28863-100000@wasteland.pandemonium.de>; from nils@jeppe.de on Wed, Feb 09, 2000 at 01:08:52PM +0100
References: <87k8kezjql.fsf@glaurung.green-gryphon.com> <Pine.LNX.4.20.0002091308250.28863-100000@wasteland.pandemonium.de>

On Wed, Feb 09, 2000 at 01:08:52PM +0100, Nils Jeppe wrote:
> On 9 Feb 2000, Manoj Srivastava wrote:
> 
> >         Read about the C compiler that included a binary trojan when
> >  it compiled itself (without the troan ever appearing in the source
> >  code), or when it compiled login, to see what I mean.
> 
> Well but that was afaik never put into practice. ;)

According to http://www.acm.org/classics/sep95/ it seems it was.

But in my opinion, if we rely on GCC not having that (or a similar) hack,
we have a single - hard to verify - point of failure.  With several
independently bootstrapped compilers it's harder to infect the whole
system by cracking a compiler.

-- 
%%% Antti-Juhani Kaijanaho % gaia@iki.fi % http://www.iki.fi/gaia/ %%%

                                  ""
                             (John Cage)

Reply to:

Follow-Ups:
- Re: Packages removed from frozen
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- Re: Packages removed from frozen
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Packages removed from frozen
  - From: Nils Jeppe <nils@jeppe.de>

Prev by Date: RE: package compilation madness
Next by Date: Re: Packages removed from frozen
Previous by thread: Re: Packages removed from frozen
Next by thread: Re: Packages removed from frozen
Index(es):
- Date
- Thread