[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Compromising Debian Repositories

On Mon, Aug 05, 2013 at 09:11:21PM +0100, Joe wrote:
I don't think there is a goal, I think we are all ruefully conceding
that the much-vaunted Open Source process is simply unable to deliver
trustworthy code, since the process of compiling the Open Sources
to binary involves using utterly un-auditable binaries, running on
un-auditable processors manufactured by a very small number of

We can also assume that if something is technically possible, perhaps
involving the outright purchase or intimidation of a few hundred humans,
then the largest organised crime syndicates on the planet (a.k.a.
governments) will do it.

Anything humans can make, humans can un-make. Welcome to reality. Is this something you need to lose a lot of sleep over? No, probably not. There's what is possible, and then there is what is likely, and we probably have more practical issues to spend time on.

Mike Stone

Reply to: