Hi, I hope that this is the correct mailing list for this question, and that you can easily provide a quick response.

I am currently working within the UK Ministry of Defence, and am trying to get Apache web server accredited as software able to be installed on one of our defence networks. However, one of the barriers I am coming up against is the argument that, because it is open source, someone could contribute a Trojan horse to the code and that the code could be included in the official product.

What I would like to know, so that I can dispel this, is what procedures are in place to prevent this happening? I know that all downloads are digitally signed, but what other procedures are in place? For example, how is code signed off for inclusion in production releases?

I am going to a meeting about this very shortly so would appreciate a prompt response!

Many thanks,
Andy Beverley