Re: Unstripped binaries, stripped at installation time?
Scavenging the mail folder uncovered Karl M. Hegbloom's letter:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Wouldn't it be better, to ease debugging, to ship unstripped `-ggdb'
> compiled binaries, with a local option to strip them at install time?
oh, yea, give me 90% more bytes to download when i make an upgrade.
download sources and recompile with debugging on, if you need it
(it's a one-liner change in debian/rules ususally.)
> This could also afford some protection against malicious
> patch-hacking, where an evil devel runs an outer-build setup that
> performs a sneaky patch, build, unpatch, dpkg-deb, dpkg-source
> routine, to ship a binary with backdoor codes that appears clean when
> the source package is examined. If the debugging symbols are in the
> system.tar.gz inside the binary .deb, perhaps a way to check and make
> sure that kind of hanky-panky is not occuring could be devised.
i think crypto and good security measures prevent trojan horses much
more than some strange symbol-checking (that can't be automatized.)
ciao,
federico
--
Federico Di Gregorio
MIXAD LIVE System Programmer fog@mixadlive.com
Debian GNU/Linux Developer & Italian Press Contact fog@debian.org
Best friends are often failed lovers. -- Me
Reply to: