Re: Viruses
- From: Bruce Stephens <bruce cenderis demon co uk>
- To: gnome-list gnome org
- Subject: Re: Viruses
- Date: 07 Jul 1999 00:14:30 +0100
Haustov Konstantin <haustov@geocities.com> writes:
> Bruce Stephens wrote:
> > I can look inside an rpm/tar/pkg before I install it; I
> > can't (necessarily) look inside an executable.
>
> You can. But do you always look?
No. For binaries, I get them from places I trust (known mirrors of
RedHat sites, say). But then, people (including me) do that with
Windows binaries, too.
Mostly, I compile from source. But then I don't check that either
(except the bits that interest me).
As a community, we're certainly somewhat vulnerable to attack in this
way. Things are still *lots* better than the Windows world, where
people are used to receiving binaries and executing them (with
complete privilege).
But things could certainly be better---we could use (and check)
signatures more routinely. (As suggested not so long ago by, erm,
Bruce Perens wasn't it?)
The hundred or so Linux portals could help here, by providing (using
HTTPS) reasonably secure places to download PGP (or GPG) public keys
of prominent programmers. (Or just the portals' public keys, and then
they could sign the keys of the programmers.) Probably, the
conventional web of trust isn't going to connect me with everyone
whose programs I might want to use, but having some assurance would be
better than nothing, and I'd consider HTTPS with RedHat, say, to be
good enough for this.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]