> From: Vigorito, Nicholas E. [mailto:[EMAIL PROTECTED] > A coworker claims that all unix admins should never install > open source binaries. They should build using the source.
Binaries are marginally more open to tampering; this is why most (all?) Apache projects provide checksums of the built packages. A cracker would have to replace the binaries on the distribution machine *and* tamper with the checksums that are held on a different machine. Or they'd have to be part of the relevant build team, in which case they may well be able to get their crack into the source anyway. It's rather like conducting a detailed inspection of everything you buy for bugs before loading it into your car. You *might* catch something, but the odds are low. Here's how to decide. If you multiply the expected loss due to a break-in (say $10M) by the probability of catching something you wouldn't have caught because the binary's been compromised *and* the checksums have been tampered with (say 1 in 100,000) by the probability of that security hole being exploited (say 1 in 10), you get an expected loss of $10. I suspect it would cost half a day to build from source (say $150 of staff time); so in this case the organisation should use the binary, because the expected cost to the organisation is lower than the cost of building from source. Substitute your own figures for loss, probabilities, and cost of build to come up with your own answer for your own organisation! - Peter --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]