[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
El lun, 14-06-2010 a las 12:52 +0100, Gordon Henderson escribiÃ: > On Mon, 14 Jun 2010, Juan J. MartÃnez wrote: > > > I verify the sources integrity before installing, because it's easier > > than review the source code looking for backdoors ;) > > Reviewing source code for backdoors is pretty pointless anyway ... It was a joke (notice the ";)" at the end of the sentence) :) Anyway, at the end you have to trust in the community. Does anybody remember this? http://lists.debian.org/debian-security-announce/2008/msg00152.html Debian openssl package was generating weak keys for two years just because someone put the wrong compilation flag (or something like that, I don't remember exactly). Said that, at least we should use the available tools to avoid malicious modification of the packages! Cheers, Juanjo -- jjm's home: http://www.usebox.net/jjm/ blackshell: http://blackshell.usebox.net/ ramble on: http://rambleon.usebox.net/ -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html