
List:       linux-ppc
Subject:    Re: verifying /contrib (was gftp2.0.5a-1 in contrib is slightly screwed
From:       R Shapiro <reshapiro () mediaone ! net>
Date:       1999-10-23 20:22:47


hollis@andrew.cmu.edu writes:
 > Unfortunately, the manpower to examine each contrib'd rpm is simply not
 > there.

Fair enough.


 > But even then, there's no way LinuxPPC Inc could individually check each
 > and every binary for trojans.

The security issue was a passing comment, I don't want to get hung up
on that (though I have the unpleasant feeling we will anyway, since
everybody likes to talk about security :-).

I was more interested in knowing whether anyone was checking whether
the contributed rpms actually installed, and that the code thus
installed actually ran.  If you don't have the staff for it, you don't
have the staff for it -- I was just asking, not complaining...



 > The good news is that none of the binaries uploaded to contrib make
 > their way into the main distribution.

Good, that was my next question :)


-- 
reshapiro@mediaone.net


** Sent via the linuxppc-user mail list. See http://lists.linuxppc.org/
