Re: How do you hack on GNOME? How can we do better?

On 21/07/15 19:45, Owen Taylor wrote:
On Tue, 2015-07-21 at 12:22 +0100, Simon McVittie wrote:
VMs do have the advantage that they are definitely a trust boundary:
running a branch of some component in a VM does not require you to 
trust that branch with all your data, credentials and so on.

This only works, of course, if your *builds* are also inside the
virtual machine, or are effectively sandboxed.

Indeed. Sorry, yes, when I said "running" I meant "building, installing
and running".

Hmm, I have some strong doubts about packagers as a reliable line of
defense against malicious code - especially since malicious code could
be very subtle.

You're right that it isn't perfect, but it's better than nothing.

Code received through a well-implemented package system at least has
some sort of trust chain/signing to avoid undetectable alterations,
which puts it ahead of unauthenticated protocols like the git:// transport.

Simon McVittie
Collabora Ltd. <>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]