
Re: Recompilation of ALL Debian packages ...



Russ Allbery writes:

> Source-code trojans are more dangerous because people fear binaries but
> think that if they've compiled it, it's fine, when the only real
> distinction is between code that's been audited and code that hasn't.
> Binaries built and uploaded by a maintainer who audits the upstream code
> are significantly safer than uncompiled source code uploaded by a
> maintainer who doesn't.

This compares apples (a maintainer who audits the upstream code) to
oranges (one who doesn't).  Even given human error, the approach to
auditing a source code package is reasonably well-understood.  For
binary packages, it is not, but it is clear that it is much more
labor-intensive.

Michael Poole


