[sf-lug] about /usr/local and package management
jim stockford
jim at well.com
Wed Oct 18 13:58:19 PDT 2006
On Oct 18, 2006, at 9:54 AM, Rick Moen wrote:
> [1] How to check the security of a system whose software you don't
> trust
> is a non-trivial problem.
>
well, there's downloading the source code, reading
every line (and understanding each), and compiling
and installing. Seems doable for chkrootkit and the
like but not dependable in the main per human fatigue
either wrt larger programs or many other such.
there's md5sum and trusting the maker.
there's trusting the distro.
A NOC guy taught me "trust is efficient". Your tho'ts?
More information about the sf-lug
mailing list