qboosh at pld.org.pl
Tue Dec 17 23:18:51 CET 2002
On Sun, Dec 01, 2002 at 02:36:55PM +0100, Mariusz Mazur wrote:
> On Sunday 01 December 2002 13:59, Michał Margula wrote:
> > Would be nice but I haven't found at their site anything about security,
> > because you need to trust your builders which could inject trojans into
> > compilation results.
> Currently I can add a trojan to something, say "ac/am fixes" in commit log,
> and there is a huge probability that nobody would *ever* notice.
I think it's rather small. Some people (guess who ;>) read most of patches
to packages they are using (or at least compiling, changing and messing with
on other ways).
It would be much larger, when you put trojaned sources...
Jakub Bogusz http://www.cs.net.pl/~qboosh/
More information about the pld-devel-en