I think the principle is essentially that of the panopticon (perhaps in reverse): the possibility that an observer could discover untoward behavior without first being observed creates a disincentive for engaging in the untoward behavior in the first place. So I trust the package maintainer because s/he knows that someone else could discover malicious behavior with little cost and no prior observation.
ap
----------------------------------------------------------------------
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
andrew_perrin (at) unc.edu

On Fri, 16 Apr 2004, Mike M wrote:

> I just read an article about spyware. I googled "linux spyware" and
> that people think Linux is immune. That got me to thinking about the
> chain of trust I subscribe to in using Debian. For example, I use
> mutt. What if the upstream developer installed spyware? Do I
> trust the Debian package maintainer to review the code and alert the
> community to the problem? I can't spend my time reading source for
> every package I use.
>
> The only solution I can think of is to use a live-cd like Knoppix to
> do critical and sensitive tasks like financial transactions.
>
> Anybody else thought about this?
> --
> Mike
>
> Moving forward in pushing back the envelope of the corporate paradigm.
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
