Bob Bernstein <[EMAIL PROTECTED]> writes: > On Mon, Aug 21, 2000 at 03:08:49PM -0400, Noah L. Meyerhans wrote: > > > You can't. Period. Same goes for source. Same goes for commercial > > binaries. Same goes for any code you haven't read (or had someone you > > thoroughly trust read). > > Agreed. However, the classic statement on the subject is even stronger: > > http://www.acm.org/classics/sep95 > > It's Ken Thompson's "Reflections on Trusting Trust": > > "The moral is obvious. You can't trust code that you did not totally > create yourself. (Especially code from companies that employ people > like me.) No amount of source-level verification or scrutiny will protect > you from using untrusted code."
And even then, you could goof up yourself! -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
