Date:      Mon, 19 Mar 2001 08:17:39 +0100
From:      Markus Holmberg <markush@acc.umu.se>
To:        Rich Morin <rdm@cfcl.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: ports vs. packages...
Message-ID:  <20010319081739.A23868@acc.umu.se>
In-Reply-To: <p050019b2b6dab14856c1@[192.168.168.205]>; from rdm@cfcl.com on Sun, Mar 18, 2001 at 10:47:17AM -0800
References:  <3AB3C1C2.67E1AB9B@yahoo.com> <20010317125349.E22316@mollari.cthul.hu> <20010318194637.A10260@acc.umu.se> <p050019b2b6dab14856c1@[192.168.168.205]>

On Sun, Mar 18, 2001 at 10:47:17AM -0800, Rich Morin wrote:
> At 7:46 PM +0100 3/18/01, Markus Holmberg wrote:
> >Isn't there a small security advantage with building from source
> >(compared to downloading packages from an untrusted party)?
> 
> Access to the source code (and even a close examination of it) isn't
> enough.  See Ken Thompson's Turing Award lecture, "Reflections on
> Trusting Trust": http://cm.bell-labs.com/who/ken/trust.html

I didn't mean that having the source implies that the software is "safe".
I meant that you could be assured that you got what the port creator
created, and not something that had been tampered with.

If what the port creator created was "safe" or not, is a whole other
issue.

Markus

-- 

Markus Holmberg         |       Give me Unix or give me a typewriter.
markush@acc.umu.se      |       http://www.freebsd.org/
