also sprach Henning Makholm <henning@makholm.net> [2006.09.02.1552 +0200]:
> > And yes, I still think there's a difference between the two
> > scenarios: a clean source, 11 clean binaries, but one trojaned one
> > against an unclean source and 12 unclean binaries. As someone else
> > said, post-mortem it'll be *much* easier to deal with the latter.
>
> You seem to be assuming that porters are more trustworthy than
> other DDs. Why?

Don't porters work on DSA-controlled machines?

It's not so much about trusting the one doing the work as it is
about not trusting the environment in which a package was built.

--
Please do not send copies of list mail to me; I read the list!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, author, administrator, and user
`. `'`     http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

NP: Pond / Pond