Re: Revival of the signed debs discussion
Goswin von Brederlow wrote:
> Henning Makholm <henning@makholm.net> writes:
> > I refer you to Ken Thompson's Turing award lecture. If someone who
> > really means business manages to compromise binary toolchain debs, all
> > the hackers in the world reading source over and over will not find
> > the backdoor.
> But their source is already secured by the same means.
You really need to read Thompson's paper.
> One can maintain and update a Debian system from source alone so one
> only has to trust the peer reviewing of sources.
How do you compile the sources without first having to trust binary
.debs for the toolchain?
--
Henning Makholm "I have seen men with a *fraction* of
your trauma pray to their deity for death's
release. And when death doesn't arrive immediately,
they reject their deity and begin to beg to another."