<quote who="O Plameras"> > I do not need to read the entire codes to come up with an audited, > compiled, and secured system. Depending on the security requirements I > priorities what I need to look for.
Auditing means inspecting the code. The act of compilation has nothing to do with security. > I am sorry, but many more people have written and told the same story I > have told here. > > Try and search Google or Yahoo about Computer OS Security Process > Compilation or something similar and you will probably hit one or two > sites that says in some US Military or Gov Departments compilation of > everything for security reasons are required. > > I'm not suggesting you copy the USA, I'm just making a point because it > seems you are not aware of this generic rule. Oscar, you are dangerously conflating issues. High security environments do not require *compilation* of everything "for security reasons". The act of compilation has nothing to do with security. High security environments, in a substantial number of cases, require access to, and validation of, the source code. That is an entirely different matter. You are not taking into account the related issues of maintenance, expert code review, stability, and so on. These have more impact on security in the long term than any (read: absolutely no) gains you will get from the act of compiling the software yourself. - Jeff -- linux.conf.au 2005: Canberra, Australia http://lca2005.linux.org.au/ <boc> man i rule <bram> boc: how do you rule? <boc> with authority -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
