Am 14.06.2011 22:27, schrieb Andrei Alexandrescu: > On 6/14/11 2:41 PM, Daniel Gibson wrote: >> Am 14.06.2011 21:34, schrieb Robert Clipsham: >>> On 14/06/2011 20:07, Andrei Alexandrescu wrote: >>>> On 6/14/11 1:22 PM, Robert Clipsham wrote: >>>>> On 14/06/2011 14:53, Andrei Alexandrescu wrote: >>>>>> http://www.wikiservice.at/d/wiki.cgi?LanguageDevel/DIPs/DIP11 >>>>>> >>>>>> Destroy. >>>>>> >>>>>> >>>>>> Andrei >>>>> >>>>> This doesn't seem like the right solution to the problem - the correct >>>>> solution, in my opinion, is to have a build tool/package manager >>>>> handle >>>>> this, not the compiler. >>>>> >>>>> Problems I see: >>>>> * Remote server gets hacked, everyone using the library now >>>>> executes malicious code >>>> >>>> This liability is not different from a traditional setup. >>> >>> Perhaps, but with a proper package management tool this can be avoided >>> with sha sums etc, this can't happen with a direct get. Admittedly this >>> line of defense falls if the intermediate server is hacked. >>> >> >> Signing the files/hashes with GPG helps (as long as the developers >> private key isn't on the server). > > Could you please add a subsection to the trust model discussing such a > possibility? > > Thanks, > > Andrei
Done