On Wed, Aug 27, 2003 at 03:33:01PM +0200, Jon Bendtsen wrote: > Kris Boulez wrote: > >On Mon, 2003-08-25 at 13:27, Rus Foster wrote: > > > >>On Mon, 25 Aug 2003, Allen Parker wrote: > >> > >> > >>>If you guys need a mirror, I'd be happy to provide anon-rsync, anon-ftp, > >>>and > >>>http access to the diskimages. > >>> > >> > >>OK First copy of the files are at http://www.jvds.com/vserver. I'm just > >>finishing up the other images > > > > > >First of all, let me say that I find this a good idea. > > > >I do have a question though from a security point. How are these images > >created ? Are there any scripts used we can examine/run ourselves ? > > This is a basic problem, but let me ask you another... > Do you personaly check the patches for the linux kernel that Jaques > makes?
yes, of course 8-) > Are you familiar with the history of how ken tompson? got a > backdoor into gcc? yes, AFAIR it's in the Jargon Dict ... > The point i am making is that you cant _TRUST_ > everything, but at some point you have to trust someone to get a > computer, to get software, to get ... trust in me .... > That aside, if you want to run a debian vserver, (not neasesarely in the > root server), then paul.allen.com? or something has a script called > debian-newserver.sh, that creates everything from a debian mirror. > (or so it appears, so i trust that it does get it from a mirror). > Besides, what good is a vserver, the "root server" is MUCH more valuable. agreed on that ... best, Herbert > JonB
