Date:      Sun, 16 Jul 2000 18:29:32 -0400
From:      Bill Fumerola <billf@chimesnet.com>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        Will Andrews <andrews@technologist.com>, Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>, Hajimu UMEMOTO <ume@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: ports/sysutils/gkrellm/files md5
Message-ID:  <20000716182932.I51462@jade.chc-chimes.com>
In-Reply-To: <Pine.BSF.4.21.0007161447230.85469-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Sun, Jul 16, 2000 at 02:49:58PM -0700
References:  <20000716112616.A535@argon.gryphonsoft.com> <Pine.BSF.4.21.0007161447230.85469-100000@freefall.freebsd.org>

On Sun, Jul 16, 2000 at 02:49:58PM -0700, Kris Kennaway wrote:

> No, we haven't "discussed" this, but the opinion was stated. *My* opinion
> is that trojans are much more likely to happen by simply changing the
> distfile than by bogusly releasing a new version.

More than a few people made posts on a mailing list, I'd call it "discussed".

> Besides which, your logic is flawed. Since we cannot audit all source code
> in the tree, we should audit none of it? *Anything* we catch is a win.

At what cost of resources? What happens when someone (either the legit author
or the Bad Guy who added the backdoor) runs indent(1) on the code too? If
it's easy to see what changed then I'll mention it in my commits, but I'm not
going to spend any great amount of time just to find out that the author now
likes to use some different style or that he slipped in a few bugfixes.

-- 
Bill Fumerola -	Network Architect, BOFH / Chimes, Inc.
                billf@chimesnet.com / billf@FreeBSD.org




