An entity claiming to be David Cantrell ([EMAIL PROTECTED]) wrote:
:
: And as a matter of fact, I *did* check the script by hand before piping it
: in to a shell. Of course, that still doesn't help when it comes to
: verifying all the binaries involved. Perhaps you're saying we should
: never install binaries, and should compile everything ourselves. Perhaps
: we should check every line of code first before compiling.
:
I never said that I was any less guilty of said idiocy ;)
However, I have to disagree with the all-or-nothing approach to system
security. In a digital network, you _can't_ make things absolutely secure,
hence the concept of a threat model ... you tailor your security policy to
fit the potential threat to the system instead of all possible threats.
Rather than ignore security because it will never be bulletproof, I think
it is much better to construct a reasonable security model for CPAN. A
reasonable first step would be to support digital signatures for
distributions on CPAN. This would, at the very least, reduce the
vulnerability to the problems inherent in public key encryption (key
management, verification, MitM, etc). By developing a security model for
CPAN, we shift the weak links to the system rather than the new software.
Mark
--
Mark Rogaski | "What in the ding-dong-heckama-doodle
[EMAIL PROTECTED] | hell is that?"
http://www.pobox.com/~wendigo | -- a farmer in the 1992
__END__ | movie "Seedpeople"