[distributed builder?]
Jakub Bogusz
qboosh at pld.org.pl
Tue Dec 17 23:18:51 CET 2002
On Sun, Dec 01, 2002 at 02:36:55PM +0100, Mariusz Mazur wrote:
> On Sunday 01 December 2002 13:59, Michał Margula wrote:
> > Would be nice but I haven't found at their site anything about security,
> > because you need to trust your builders which could inject trojans into
> > compilation results.
>
> Currently I can add a trojan to something, say "ac/am fixes" in commit log,
> and there is a huge probability that nobody would *ever* notice.
I think it's rather small. Some people (guess who ;>) read most of patches
to packages they are using (or at least compiling, changing and messing with
on other ways).
It would be much larger, when you put trojaned sources...
--
Jakub Bogusz http://www.cs.net.pl/~qboosh/
More information about the pld-devel-en
mailing list