Sven Luther <[EMAIL PROTECTED]> writes:
> On Fri, Sep 01, 2006 at 11:52:17PM -0700, Russ Allbery wrote:

>> Source-code trojans are more dangerous because people fear binaries but
>> think that if they've compiled it, it's fine, when the only real
>> distinction is between code that's been audited and code that hasn't.
>> Binaries built and uploaded by a maintainer who audits the upstream
>> code are significantly safer than uncompiled source code uploaded by a
>> maintainer who doesn't.

> The thing is, if you have no guarantee that the binaries effectively
> correspond to the sources you are auditing, then auditing is not going
> to do you any kind of good, don't you think?

Which just says that you shouldn't audit the source code and then use
someone else's binaries supposedly built from it.  Any organization
willing and capable of going to the work of auditing the source code can
certainly then also build their own binaries from exactly the source code
they audited, and should.  Debian upload policies don't help them, one way
or the other, since the work of building the package is negligible next to
the work required for the audit and in that sort of situation not building
the package themselves would just reintroduce more risks than are worth
it.

> I still believe that rebuilding everything is the best way to go, since
> it avoids any number of silly errors on the developer's part, and this
> would be a good thing for stability if nothing else.

Agreed.

-- 
Russ Allbery ([EMAIL PROTECTED])               <http://www.eyrie.org/~eagle/>
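The procedure argued for above (audit a specific source tree, build from exactly that tree yourself, and treat someone else's binary as trustworthy only if it matches what you built) can be written down as a small verification routine. This is an added example, not code from this thread, from Debian, or from any of the posters; the `toy_build` function is a constructed stand-in for a real compiler, and the source text, digests and "distributed artifact" values are constructed for the demonstration.

```python
"""Check that a distributed binary corresponds to the source you audited.

Added example (not from the mailing-list thread). The three questions it
answers are the ones the discussion turns on:
  1. Is the source I am building byte-for-byte the source I audited?
  2. Does my build produce the same output twice (otherwise no comparison
     with anyone else's binary is meaningful)?
  3. Does the binary someone else distributed match my own build?
"""
import hashlib
from dataclasses import dataclass
from typing import Callable


def sha256(data: bytes) -> str:
    """Hex digest used to pin both the audited source and the built artifact."""
    return hashlib.sha256(data).hexdigest()


def toy_build(source: bytes) -> bytes:
    """Constructed, deterministic stand-in for a compiler (assumption: a real
    build would invoke the project's build system on the same tree)."""
    return b"BINARY:" + source.upper()


def make_timestamped_build() -> Callable[[bytes], bytes]:
    """Constructed model of a careless build that embeds a build counter,
    the way some builds embed a timestamp; it is never reproducible."""
    counter = {"n": 0}

    def build(source: bytes) -> bytes:
        counter["n"] += 1
        return toy_build(source) + b"\nBUILD-ID:" + str(counter["n"]).encode()

    return build


@dataclass
class RebuildResult:
    source_matches_audit: bool   # question 1
    build_reproducible: bool     # question 2
    artifact_matches: bool       # question 3

    def ok(self) -> bool:
        return (self.source_matches_audit and self.build_reproducible
                and self.artifact_matches)


def verify_rebuild(source: bytes, audited_source_digest: str,
                   distributed_artifact: bytes,
                   build: Callable[[bytes], bytes] = toy_build) -> RebuildResult:
    """Rebuild `source` and compare against a binary obtained elsewhere.

    `audited_source_digest` is the SHA-256 recorded at audit time; pinning it
    catches the case where the tree on disk drifted after the audit.
    """
    source_ok = sha256(source) == audited_source_digest
    first = build(source)
    second = build(source)
    reproducible = first == second
    # Only a reproducible build can be compared with someone else's binary.
    artifact_ok = reproducible and sha256(first) == sha256(distributed_artifact)
    return RebuildResult(source_ok, reproducible, artifact_ok)


# Constructed sample inputs.
AUDITED_SOURCE = b"int main(void) { return 0; }\n"
AUDITED_DIGEST = sha256(AUDITED_SOURCE)


def scenarios() -> dict:
    """Run the check over the situations the thread discusses."""
    honest_binary = toy_build(AUDITED_SOURCE)
    # A binary built from a tree that differs from the published source.
    binary_from_other_source = toy_build(AUDITED_SOURCE + b"/* extra */\n")
    drifted_tree = AUDITED_SOURCE + b"\n"
    return {
        "honest": verify_rebuild(AUDITED_SOURCE, AUDITED_DIGEST, honest_binary),
        "binary_not_from_source": verify_rebuild(
            AUDITED_SOURCE, AUDITED_DIGEST, binary_from_other_source),
        "tree_drifted_after_audit": verify_rebuild(
            drifted_tree, AUDITED_DIGEST, honest_binary),
        "non_reproducible_build": verify_rebuild(
            AUDITED_SOURCE, AUDITED_DIGEST, honest_binary,
            build=make_timestamped_build()),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result} -> {'OK' if result.ok() else 'REJECT'}")
```

Only the first scenario passes; each of the others fails on exactly one of the three questions, which is the point of keeping them separate: a mismatch against the distributed binary means nothing until you know your own build is reproducible, and a reproducible build of the wrong tree is not an audit of anything.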
