-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 09 October 2002 12:50, jnf wrote: > hi, ive got a question, it seems several oss programs of late have been > trojaned at the provider level- which leads me to wonder if this is a > message 'read your source', which made me wonder, are these trojans > obvious? as in if you just scanned over the source would you see them? if > anyone has a copy of some of the source that is trojaned, or knows where i > could find some, it would be appreciated. thnx > > j
Frankly, even if the trojan was enclosed in <blink></blink> statements, in 80,000 lines of code it would be lost. It's not feasible for one single coder to proofread everything he/she compiles. You have to implicitly trust the coder/maintainer/distributor, I see no other way. - -A - -- http://www.andrew.cmu.edu/~apapadop/pub_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9rPeGgmAMwQt1gmURAtA0AJ9/N81Hyu100xokVq0c2vXZALt/egCfdGFd DAoKH5PmL2GPQk6aFJt4B0w= =7MAJ -----END PGP SIGNATURE-----
