Re: Security - trust etc.. (Was: Reading e-mails on text mode)
On Mon, Aug 21, 2000 at 03:08:49PM -0400, Noah L. Meyerhans wrote:
> You can't. Period. Same goes for source. Same goes for commercial
> binaries. Same goes for any code you haven't read (or had someone you
> thoroughly trust read).
Agreed. However, the classic statement on the subject is even stronger:
It's Ken Thompson's "Reflections on Trusting Trust":
"The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will protect
you from using untrusted code."
Esmond, R.I., USA