[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Building packages with exact binary matches

On Fri, 28 Sep 2007, Martin Uecker wrote:
> You are seriously stating that is as easy to hide a trojan in the
> source code as in the binary?

Consider the fact that we've already had such a case,[1] whereas we've
not (to my knowledge) distributed a trojaned binary. I'm not sure
which is easier to hide, but it seems that making a source trojan is
at least more frequent if not easier to create.

Don Armstrong
1: mICQ anyone? http://lists.debian.org/debian-devel/2003/02/msg00872.html
[A] theory is falsifiable [(and therefore scientific) only] if the
class of its potential falsifiers is not empty.
 -- Sir Karl Popper _The Logic of Scientific Discovery_ §21

http://www.donarmstrong.com              http://rzlab.ucr.edu

Reply to: