Re: [SuSE Linux] Fwd: Re: RPM (was gtk+)

[zentara]

Scott Bronson wrote:
> 

> > I guess time will tell. How long do you think it will
> > be before warnings are issued about some rpm that contains
> > a trojan?
> 
> There have already been tarball trojans.  Nobody reads every line of
> source before they make install.  Few people even scour the makefile.
> As always, caveat installer.
> 
> My guess is that PGP/MD5-verified RPMs from Red Hat and SuSE will never
> have trojans--both companies are very good about the software they
> pick.  

>If they do mistakenly ship a trojan, you can bet their customers
> will hear about it and the fix very quickly.
> 

Unless it is "government-sponsored" under some secrecy act.
Key-stroke recorders are good for "national security"


Have you heard of any  "source-code scanners" that will scan thru
c source , looking for suspicious blocks of code?
-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archiv at http://www.suse.com/Mailinglists/suse-linux-e/index.html