On 05/16/2011 02:46 PM, Les Mikesell wrote:
> On 5/16/2011 1:43 PM, John R Pierce wrote:
>> On 05/16/11 11:24 AM, Les Mikesell wrote:
>>> it is somewhat unsettling to think that the
>>> project itself considers that to be a problem.
>>
>> consider what might happen if a core build server for a project as
>> widely used as centos gets penetrated and carefully targeted to slip
>> trojans unnoticed into the final product....  this would be a holy grail
>> to the sort of international espionage that is taking place today.
>>
>> be scared, be very scared.
> 
> Yes, but assuming they eat their own dog food and are running the same 
> thing we are, if their servers are penetrated, yours will too even 
> before whatever they are building ships.  And it is something that 
> debian seems to be able to handle.  In any case, with full automation it 
> would be easy enough to duplicate the final build on a trusted server 
> and compare the results before distribution.  Or for someone else to do 
> it to verify from an outside perspective.
> 
There is not a server in the world that I could not break into if I was
on the same subnet ... and I am not even that smart.
