[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Gordon Henderson wrote: > On Mon, 14 Jun 2010, Juan J. Martínez wrote: > >> I verify the sources integrity before installing, because it's easier >> than review the source code looking for backdoors ;) > > Reviewing source code for backdoors is pretty pointless anyway ... Thus died the OpenBSD project ;) > Read this: > > http://scienceblogs.com/goodmath/2007/04/strange_loops_dennis_ritchie_a.php > > Now how do you compile the first C compiler... ;-) You write it in Forth ;) All this proves is that reading the source code can't fix all the bugs in your binaries, it doesn't stop it being a valid technique for improving or checking code. The problem with backdoors in source code is they can be awfully short and hard to spot, although in the Linux "trojan" case it would be pretty obvious to anyone who looked at a diff of the code. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html