On 18-Nov-08, at 1:37 PM, Jim Walker wrote: > John Sonnenschein wrote: >> It's one thing if someone makes a mistake and accidentally breaks >> things, >> even security things, it's another thing if we institutionalize and >> automate >> the ability to upload malware. Even debian/unstable hasn't done >> that. Do we >> /really/ want to be the first to have viruses in our blessed repos? > > We can update the language relative to source code, but it's a big > jump to > imply we are opening the doors to malware. > > All the packages going into /contrib and /pending go through review by > the community, which on it's own, provides a big filter.
My point is essentially that unless the source code is built by a controlled system there's no way to verify that it is what the source code pointer says it is, so it ought to be treated as an exception to the rule, which means that someone trusted ought to be the submitter (or trusted by proxy) and the default shouldn't be to accept the package. If there's a good reason to have a pure binary, there's a reason and it can be accepted assuming the trust is there. Malware is perhaps an extreme example but as I see /pending now there's not a whole lot preventing it other than someone vetting that the package through some minimal amount of testing does what it claims to do at this moment. If it's malware there's no real way to detect that even post-mortem. -JohnS _______________________________________________ indiana-discuss mailing list indiana-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/indiana-discuss