Date: Mon, 19 Mar 2001 08:17:39 +0100
From: Markus Holmberg
To: Rich Morin
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: ports vs. packages...
Message-ID: <20010319081739.A23868@acc.umu.se>

On Sun, Mar 18, 2001 at 10:47:17AM -0800, Rich Morin wrote:
> At 7:46 PM +0100 3/18/01, Markus Holmberg wrote:
> >Isn't there a small security advantage with building from source
> >(compared to downloading packages from an untrusted party)?
>
> Access to the source code (and even a close examination of it) isn't
> enough. See Ken Thompson's Turing Award lecture, "Reflections on
> Trusting Trust": http://cm.bell-labs.com/who/ken/trust.html

I didn't mean that having the source implies that the software is
"safe". I meant that you could be assured that you got what the port
creator created, and not something that had been tampered with.

If what the port creator created was "safe" or not, is a whole other
issue.

Markus

--
Markus Holmberg | Give me Unix or give me a typewriter.
markush@acc.umu.se | http://www.freebsd.org/