[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using buildds only (was: Results of the meeting...)



On Monday 22 August 2005 16.08, W. Borgert wrote:
[...]
> This is a really nice idea: A DD with a strange sense of humour
> could
[...]

If we're starting to worry about what kind of damage a DD can do to the 
world by providing some bogus uploads, let's just not.   Any DD can cause 
code to be executed as root on a potentially very big number of machines 
world wide, source-only uploads or not, and there are many ways to 
obfuscate malicious code within a big, complex application.

No technical measures will ever help here, really [1].  That's why we have 
NM and don't maintain the source code of your packages in Wiki-style...

cheers
-- vbi

[1] granted, *if ever* somebody tried something, technical measures can make 
forensics and tracking the offender harder or easier.
-- 
Beware of the FUD - know your enemies. This week
    * Patent Law, and how it is currently abused. *
http://fortytwo.ch/opinion

Attachment: pgpmYiZwoGbbb.pgp
Description: PGP signature


Reply to: