John Sonnenschein wrote:
> On 18-Nov-08, at 1:37 PM, Jim Walker wrote:
>
>> John Sonnenschein wrote:
>>> It's one thing if someone makes a mistake and accidentally breaks
>>> things, even security things, it's another thing if we
>>> institutionalize and automate the ability to upload malware. Even
>>> debian/unstable hasn't done that. Do we /really/ want to be the
>>> first to have viruses in our blessed repos?
>> We can update the language relative to source code, but it's a big
>> jump to imply we are opening the doors to malware.
>>
>> All the packages going into /contrib and /pending go through review by
>> the community, which on its own, provides a big filter.
>
> My point is essentially that unless the source code is built by a
> controlled system there's no way to verify that it is what the source
> code pointer says it is, so it ought to be treated as an exception to
> the rule, which means that someone trusted ought to be the submitter
> (or trusted by proxy) and the default shouldn't be to accept the
> package. If there's a good reason to have a pure binary, there's a
> reason and it can be accepted assuming the trust is there.
>
> Malware is perhaps an extreme example but as I see /pending now
> there's not a whole lot preventing it other than someone vetting that
> the package through some minimal amount of testing does what it claims
> to do at this moment. If it's malware there's no real way to detect
> that even post-mortem.

The reality is, even with source code, or automatically building
something, there's no practical way to guarantee that a program is not
malicious (unintentionally or not).

Specifically, I sincerely doubt that every single contributed package is
going to have every single line of source code checked to verify that
something malicious wasn't introduced.

I agree that it can reduce the risk, but it does not eliminate it.

--
Shawn Walker
_______________________________________________
indiana-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
