On 04/17/11 05:47 PM, Alan Coopersmith wrote:
> On 04/16/11 05:37 PM, Nikola M. wrote:
>> Exactly, that is why Admins should go and use only audited software that
>> someone else (maintainer) patched, changed and whose changes are auditable
>> from a trusted party and visible by others.
>> Either some guy that is actually looking at the source code before
>> putting it out
>> or a company that has employed people for doing that (Oracle) who you
>> maybe could potentially trust, while source changes are also released.
> Most packagers, whether individuals working on projects like SFE or employees
> of companies like Sun & Oracle, don't have the time (or in many cases the
> knowledge) to audit all the source code they're building. I know I've not
> looked at all of the millions of lines of code I brought in from open source
> projects and integrated to Solaris, and I know I'm not alone.
>
> The whole open source world is held together by distributed webs of trust.
> You trust Oracle or OpenIndiana to build and deliver X packages from the
> sources I provide. I trust the developers at X.Org to not intentionally
> put malicious code in the system (though I know they're human and bugs will
> be there). The X.Org developers trust each other to vet new code and
> new people being considered for commit access, and trust the developers of
> tools like git & gcc to not insert trojan horses into our code via our
> use of them. The list could go on for a long time - see the classic paper
> "Reflections on Trusting Trust" by Unix co-creator Ken Thompson.
> ( http://cm.bell-labs.com/who/ken/trust.html )

Thank you Alan. That is exactly what is important. No one can audit everything alone. So we rely on per-patch auditing of changes to, in the end, have software that is maintainable and audited as a result.
An undisturbed chain of trust, and being dependent on someone maintaining software upstream, before the user, and on the other sides, is what everything relies on. Auditing those changes as they come, regarding his or her project, and checking them out when they go upstream or are changed from upstream when porting. The time and money needed to re-link the chain of trust like this again are too great for any personal gain or reason to break it intentionally.
