On Sat, 31 Mar 2007 23:27:19 +0100
Steve Long <[EMAIL PROTECTED]> wrote:
> Stephen Bennett wrote:
> > ... Gentoo developers can take the latest release of said package
> > manager and continue development from that. That's the wonderful
> > thing about the GPL, no?
>
> Too late for all the affected users tho. Point is it's a major
> security hole which no sane organisation would even consider for
> mission-critical code.

Do you really think anyone checks every last line of code in every
release of every system package? Sneaking in a check for
/etc/gentoo-release with a time-delayed nasty into a widely used
package wouldn't be particularly hard for anyone serious... Heck,
getting oneself recruited under a pseudonym and sneaking some very
nasty global scope code into the tree wouldn't be particularly hard
for anyone serious... These arguments are getting weaker and weaker...

--
Ciaran McCreesh