Re: RPM security (a newbie question)

On Thu, 2009-04-02 at 10:12 -0500, Mikkel L. Ellertson wrote:
Then again, if you want to be safe, you should only use code you
have written/inspected yourself, compiled on a compiler that you
have written yourself. After all, it was proven that you could imbed
code in the compiler that would be added to any program that you
compiled with it, and would not show up in the compiler source code.
(The compiler would add the code automatically when compiling itself.)

Here's a link to Ken Thompson's "Reflections on trusting trust" which
discusses these ideas:

It's a short essay/talk and well worth the read.


fedora-list mailing list
To unsubscribe:

Relevant Pages

  • Re: Parallelizing C/C++ code
    ... It's worth the effort if you can achieve a speed up without a penalty ... It gets tricky when there is dynamic optimization ... The best evidence for whether a compiler feature is worth implementing ... vendors implement novel forms of parallelism beyond loop splits or SSE ...
  • Re: Delphi 8 ... is it a worthy investment?
    ... grin, that would, as an upgrade, actually be worth $400 to me. ... it came bundled with an updated Win32 compiler, ... providing a discount to D7 owners upgrading to D8 (Pro SKU)). ...
  • Re: More fuel for the 64-bit fire ...
    ... Most server stuff isn't going to need a fancy IDE ... Even if they had a 64-bit IDE and compiler, VCL, ... Is it worth delaying D2006 by a year while ... If Borland wants to look at native 64bit output for ...
  • Re: [08/08] uml: va_copy fix
    ... > basically not worth it for plain C until 3.3 or so. ... > require dependencies on compiler internals. ... Support for the old ... send the line "unsubscribe linux-kernel" in ...
  • Re: Object Pascal Stigma, Useless Survey Question
    ... > When I suggested the replacement of begin-end with ... IMHO the issue is not how difficult complier conversion would be, ... At a minimum, I would want a compiler switch to enable compiling existing, ... this is purely cosmetic and not worth all our discussion. ...