From owner-freebsd-stable Sun Mar 18 10:56:28 2001 Delivered-To: freebsd-stable@freebsd.org Received: from idiom.com (idiom.com [216.240.32.1]) by hub.freebsd.org (Postfix) with ESMTP id 92F7237B718 for ; Sun, 18 Mar 2001 10:56:26 -0800 (PST) (envelope-from rdm@cfcl.com) Received: from cfcl.com (cpe-24-221-169-54.ca.sprintbbd.net [24.221.169.54]) by idiom.com (8.9.3/8.9.3) with ESMTP id KAA27998 for ; Sun, 18 Mar 2001 10:56:26 -0800 (PST) Received: from [192.168.168.205] (cerberus [192.168.168.205]) by cfcl.com (8.11.1/8.11.1) with ESMTP id f2IIvaV30732 for ; Sun, 18 Mar 2001 10:57:36 -0800 (PST) (envelope-from rdm@cfcl.com) Mime-Version: 1.0 Message-Id: In-Reply-To: <20010318194637.A10260@acc.umu.se> References: <3AB3C1C2.67E1AB9B@yahoo.com> <20010317125349.E22316@mollari.cthul.hu> <20010318194637.A10260@acc.umu.se> Date: Sun, 18 Mar 2001 10:47:17 -0800 To: freebsd-stable@freebsd.org From: Rich Morin Subject: Re: ports vs. packages... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 7:46 PM +0100 3/18/01, Markus Holmberg wrote: >Isn't there a small security advantage with building from source >(compared to downloading packages from an untrusted party)? Access to the source code (and even a close examination of it) isn't enough. See Ken Thompson's Turing Award lecture, "Reflections on Trusting Trust": http://cm.bell-labs.com/who/ken/trust.html -r -- http://www.cfcl.com/rdm - home page, resume, etc. http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser email: rdm@cfcl.com; phone: +1 650-873-7841 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message