On 08/03/13 13:36, Rick Moen wrote:
> Quoting Volker Birk (v...@pibit.ch):
>
>> Really?
>>
>> How do you detect, if maintainer's patches contain backdoors? If I would
>> want to attack Debian, I would try to become the maintainer of one of
>> the most harmless, most used packages. And believe me, you wouldn't see
>> at the first glance, that this source code patch is containing a
>> backdoor....
>
> Indeed, this whole line of query (from someone who cannot even bother to
> read debian-legal and wants to be CCed; no thanks) is basically pretty
> dumb and can be avoided by reading Ken Thompson's 'Reflections on
> Trusting Trust', contemplating the nature of the accountability and
> tracking facilitated by the Debian maintainer process (and its design
> limits), and, y'know, bothering to think a bit.

I'm not sure that hostility is warranted. It still sparked a discussion,
and it's definitely interesting to think about.

-R

Archive: http://lists.debian.org/51fd5aef.5010...@tomsick.net