On Fri, Apr 14, 2006 at 01:04:05PM -0400, Eric Enright wrote:

> That would work for source code, but would it for machine code?  How
> could one peer review a binary package for anything other than "does
> what it says"?  Going with the example Dennis gave earlier, if someone
> introduced a back door into something, say, MySQL, it could prove
> difficult to pick up with any amount of review.

This is the advantage of having the source code repository be the
interface among contributors, with binaries built in some central,
presumably trusted, location and distributed from there.  While it's
still difficult to trust that person/machine, at least you reduce the
problem from trusting N entities to trusting 1 (or some small number
of cooperating but mutually suspicious individuals).

-- 
Keith M Wesolowski              "Sir, we're surrounded!" 
Solaris Kernel Team             "Excellent; we can attack in any direction!" 
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
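An added illustration of the trust reduction described above (example code, not from the thread or the project): instead of trusting one central build host outright, the distributed binary is accepted only when a quorum of independent, mutually suspicious rebuilders of the same reviewed source report the digest it actually has. Builder names, digests and the sample binaries are all constructed for the example.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    """Content digest used to compare a distributed binary with independent rebuilds."""
    return hashlib.sha256(data).hexdigest()

def check_binary(binary: bytes, builder_digests: dict[str, str], quorum: int) -> dict:
    """Accept `binary` only if at least `quorum` independent builders, each rebuilding
    the same reviewed source tree, report the digest the distributed binary really has.
    builder_digests maps a (hypothetical) builder name to the digest it published."""
    actual = sha256_hex(binary)
    agreeing = sorted(n for n, d in builder_digests.items() if d == actual)
    dissenting = sorted(n for n, d in builder_digests.items() if d != actual)
    # A dissenting group that agrees with *each other* points at the distributed
    # binary (or the central build host) rather than at a single bad rebuilder.
    other = Counter(d for d in builder_digests.values() if d != actual)
    majority_elsewhere = bool(other) and other.most_common(1)[0][1] >= quorum
    return {
        "digest": actual,
        "accepted": len(agreeing) >= quorum,
        "agreeing": agreeing,
        "dissenting": dissenting,
        "suspect_distribution": majority_elsewhere,
    }

# Constructed sample data: a "clean" build and a copy with extra bytes spliced in
# that no rebuild from the reviewed source would ever produce.
CLEAN_BUILD = b"ELF...mysql-clean-build (constructed sample)"
TAMPERED_BUILD = CLEAN_BUILD + b"\x00extra-code-not-in-source"
HONEST_DIGEST = sha256_hex(CLEAN_BUILD)

# Three mutually suspicious builders; "builder_c" is constructed as compromised.
REPORTS = {
    "builder_a": HONEST_DIGEST,
    "builder_b": HONEST_DIGEST,
    "builder_c": sha256_hex(TAMPERED_BUILD),
}

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_BUILD), ("tampered", TAMPERED_BUILD)):
        r = check_binary(blob, REPORTS, quorum=2)
        print(label, "accepted" if r["accepted"] else "REJECTED", "dissent:", r["dissenting"])
```

With quorum 2 the single compromised builder cannot push the tampered binary through, and when the distributed binary itself is the tampered one the two honest rebuilders agreeing with each other flags the distribution point as the suspect.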