Date: Sun, 16 Jul 2000 18:29:32 -0400
From: Bill Fumerola
To: Kris Kennaway
Cc: Will Andrews, Jeroen Ruigrok van der Werven, Hajimu UMEMOTO, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/sysutils/gkrellm/files md5
Message-ID: <20000716182932.I51462@jade.chc-chimes.com>

On Sun, Jul 16, 2000 at 02:49:58PM -0700, Kris Kennaway wrote:

> No, we haven't "discussed" this, but the opinion was stated. *My* opinion
> is that trojans are much more likely to happen by simply changing the
> distfile than by bogusly releasing a new version.

More than a few people made posts on a mailing list, I'd call it "discussed".

> Besides which, your logic is flawed. Since we cannot audit all source code
> in the tree, we should audit none of it? *Anything* we catch is a win.

At what cost of resources? What happens when someone (either the legit author or the Bad Guy who added the backdoor) runs indent(1) on the code too?

If it's easy to see what changed then I'll mention it in my commits, but I'm not going to spend any great amount of time just to find out that the author now likes to use some different style or that he slipped in a few bugfixes.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org