Re: Security - trust etc.. (Was: Reading e-mails on text mode)
Bob Bernstein <poobah@ruptured-duck.com> writes:
> On Mon, Aug 21, 2000 at 03:08:49PM -0400, Noah L. Meyerhans wrote:
>
> > You can't. Period. Same goes for source. Same goes for commercial
> > binaries. Same goes for any code you haven't read (or had someone you
> > thoroughly trust read).
>
> Agreed. However, the classic statement on the subject is even stronger:
>
> http://www.acm.org/classics/sep95
>
> It's Ken Thompson's "Reflections on Trusting Trust":
>
> "The moral is obvious. You can't trust code that you did not totally
> create yourself. (Especially code from companies that employ people
> like me.) No amount of source-level verification or scrutiny will protect
> you from using untrusted code."
And even then, you could goof up yourself!
--
Olaf Meeuwissen Epson Kowa Corporation, Research and Development