[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is Open Source software really more secure?

On Sun, Oct 08, 2000 at 02:34:16PM -0700, Paul Lowe wrote:
> When was the last time someone looked over the entire code base of mySQL to
> make sure it didn't have a trojan inside? I mean hey, theoretically, who
> goes over source code? Reading other programmer's source is both painful and
> difficult. It would not be hard for someone to release a oss package,
> announce it on freshmeat, have it distributed to thousands of people -- and
> have malicious code inside it. I mean, hey, do you always read the Makefile
> to make sure it doesn't contain a line that says "rm -rf /" for "make
> install"?

When?  Probably in the last month or so.

People actually do audit these things.  Not before they get posted to
freshmeat, but I'm dubious about things from random sites anyway...
it's a survival trait.  Packaged programs in distributions are
generally fairly well looked-over and tested.


/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/

Reply to: