RPM security (a newbie question)

Bryn M. Reeves bmr at redhat.com
Thu Apr 2 17:07:28 UTC 2009


On Thu, 2009-04-02 at 10:12 -0500, Mikkel L. Ellertson wrote:
> Then again, if you want to be safe, you should only use code you
> have written/inspected yourself, compiled on a compiler that you
> have written yourself. After all, it was proven that you could imbed
> code in the compiler that would be added to any program that you
> compiled with it, and would not show up in the compiler source code.
> (The compiler would add the code automatically when compiling itself.)

Here's a link to Ken Thompson's "Reflections on trusting trust" which
discusses these ideas:

http://cm.bell-labs.com/who/ken/trust.html

It's a short essay/talk and well worth the read.

Regards,
Bryn.




