On 18-Nov-08, at 1:40 PM, Shawn Walker wrote:

> John Sonnenschein wrote:
>> On 18-Nov-08, at 1:37 PM, Jim Walker wrote:
>>> John Sonnenschein wrote:
>>>> It's one thing if someone makes a mistake and accidentally breaks things,
>>>> even security things, it's another thing if we institutionalize and automate
>>>> the ability to upload malware. Even debian/unstable hasn't done that. Do we
>>>> /really/ want to be the first to have viruses in our blessed repos?
>>> We can update the language relative to source code, but it's a big jump to
>>> imply we are opening the doors to malware.
>>>
>>> All the packages going into /contrib and /pending go through review by
>>> the community, which on its own, provides a big filter.
>> My point is essentially that unless the source code is built by a
>> controlled system there's no way to verify that it is what the source
>> code pointer says it is, so it ought to be treated as an exception to
>> the rule, which means that someone trusted ought to be the submitter
>> (or trusted by proxy) and the default shouldn't be to accept the
>> package. If there's a good reason to have a pure binary, there's a
>> reason and it can be accepted assuming the trust is there.
>> Malware is perhaps an extreme example but as I see /pending now
>> there's not a whole lot preventing it other than someone vetting that
>> the package through some minimal amount of testing does what it claims
>> to do at this moment. If it's malware there's no real way to detect
>> that even post-mortem.
>
> The reality is, even with source code, or automatically building
> something, there's no practical way to guarantee that a program is
> not malicious (unintentionally or not).
>
> Specifically, I sincerely doubt that every single contributed
> package is going to have every single line of source code checked to
> verify that something malicious wasn't introduced.
>
> I agree that it can reduce the risk, but it does not eliminate it.

Even if it doesn't eliminate it, it serves as a big disincentive to do
anything by virtue that it's not easily hidden, it's the same reason
supermarkets put up cameras to prevent shoplifting, in reality it does
very little but it leaves evidence behind which in and of itself stops
some people.

-JohnS

