On Sun, Oct 08, 2000 at 02:34:16PM -0700, Paul Lowe wrote:
> When was the last time someone looked over the entire code base of mySQL to
> make sure it didn't have a trojan inside? I mean hey, theoretically, who
> goes over source code? Reading other programmers' source is both painful and
> difficult. It would not be hard for someone to release an OSS package,
> announce it on freshmeat, have it distributed to thousands of people -- and
> have malicious code inside it. I mean, hey, do you always read the Makefile
> to make sure it doesn't contain a line that says "rm -rf /" for "make
> install"?

When? Probably in the last month or so. People actually do audit these
things. Not before they get posted to freshmeat, but I'm dubious about
things from random sites anyway... it's a survival trait. Packaged programs
in distributions are generally fairly well looked-over and tested.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|        [EMAIL PROTECTED]       |  |        [EMAIL PROTECTED]       |
\--------------------------------/  \--------------------------------/