Re: Security - trust etc.. (Was: Reading e-mails on text mode)

To: Debian User List <debian-user@lists.debian.org>
Cc: dep@snet.net
Subject: Re: Security - trust etc.. (Was: Reading e-mails on text mode)
From: Bob Bernstein <poobah@ruptured-duck.com>
Date: Mon, 21 Aug 2000 16:07:56 -0400
Message-id: <20000821160755.A944@hoopla.ruptured-duck.org>
Mail-followup-to: Bob Bernstein <poobah@ruptured-duck.com>, Debian User List <debian-user@lists.debian.org>, dep@snet.net
In-reply-to: <Pine.LNX.4.21.0008211438170.10217-100000@spider.noah>; from frodo@morgul.net on Mon, Aug 21, 2000 at 03:08:49PM -0400
References: <019e01c00b9a$227d9ae0$0100a8c0@windows98> <Pine.LNX.4.21.0008211438170.10217-100000@spider.noah>

On Mon, Aug 21, 2000 at 03:08:49PM -0400, Noah L. Meyerhans wrote:

> You can't.  Period.  Same goes for source.  Same goes for commercial
> binaries.  Same goes for any code you haven't read (or had someone you
> thoroughly trust read).

Agreed. However, the classic statement on the subject is even stronger:

http://www.acm.org/classics/sep95

It's Ken Thompson's "Reflections on Trusting Trust":

"The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will protect
you from using untrusted code."

-- 
Bob Bernstein
at                    
Esmond, R.I., USA

Reply to:

Follow-Ups:
- Re: Security - trust etc.. (Was: Reading e-mails on text mode)
  - From: Olaf Meeuwissen <olaf@epkowa.co.jp>

References:
- Security - trust etc.. (Was: Reading e-mails on text mode)
  - From: "hogan" <hogan@netspace.net.au>
- Re: Security - trust etc.. (Was: Reading e-mails on text mode)
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

Prev by Date: Help
Next by Date: Re: looking for simple finance program
Previous by thread: Re: Security - trust etc.. (Was: Reading e-mails on text mode)
Next by thread: Re: Security - trust etc.. (Was: Reading e-mails on text mode)
Index(es):
- Date
- Thread