[ On Wednesday, February 18, 2004 at 11:25:56 (-0500), Patton, Matthew E., CTR, OSD-PA&E wrote: ]
> Subject: RE: Binary release announcements?
>
> Like ANYBODY who looks at the CVS code can trust it! So it's not as bad as
> qmail and other hideous projects out there but the code-base is anything but
> "reassuring". Hell, I broke the build on v1.11.11 just by not enabling the
> pserver capability - that self-same capability that everybody maintains is
> "dangerous". Not to mention it's a list mantra that CVS was never designed
> with security in mind. And you think it deserves to be trusted in any way
> shape or form?

You're confusing your "levels"(?) of trust, without any apparent regard for the threat models involved. The issues w.r.t. trusting binaries are wholly separate from the issues surrounding the inappropriate use of the CVS code to do authentication and authorisation. I.e. you don't have to remove the CVS pserver code in order to avoid using it in an unsafe manner -- at least not on any unix-like host.

> CVS is a gnat in the scheme of things. If pre-built binaries were such a
> problem why do zillions of *BSD, Linux, *nix, windoze users do nothing but
> install binaries (and MS doesn't even sign their stuff)?

The important thing is knowing where the binary came from.

I'll only install *BSD binaries that come on a verified and verifiable CD-ROM, or that I can download off the net and verify with some form of signature (preferably PGP-like, though MD5s are better than nothing).

In fact I do the same with all source code archives as well, and have done ever since people started posting checksums and cryptographic file signatures.

The cool thing about the *BSD projects is that one can do all add-on software upgrades right from source with full third-party signature verification, and by typing only one command.

> The opportunity to
> trojan Linux or OpenBSD is FAR more attractive than diddling with a source
> control system.

Indeed it is, which is why so many more people keep independent copies of the sources and do independent verification of all changes to those systems.

> Or anyone running a mirror could likewise play games.

That's why the *BSD projects use independent third-party cryptographic signatures to verify all source code archives the user downloads.

--
Greg A. Woods

+1 416 218-0098 VE3TCP RoboHack <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]> Secrets of the Weird <[EMAIL PROTECTED]>

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs