On Mon, Jan 15, 2001 at 10:20:02AM +0000, David Cantrell wrote:
> On Sun, Jan 14, 2001 at 11:26:28PM -0500, Mark Rogaski wrote:
>
> > It's also sheer idiocy to pipe arbitrary code from an untrusted, unverified
> > source directly to the shell.
> 
> Of course, it's equally stupid to install software from an untrusted,
> unverified source using any other method.

And even CPAN counts as untrusted and unverified - how am I to tell that
$random_mirror has not been compromised?

And as a matter of fact, I *did* check the script by hand before piping it
in to a shell.  Of course, that still doesn't help when it comes to
verifying all the binaries involved.  Perhaps you're saying we should
never install binaries, and should compile everything ourselves.  Perhaps
we should check every line of code first before compiling.

-- 
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david

  Any technology distinguishable from magic is insufficiently advanced
