Greg writes: > So every line of code during every build is verified? No, but there are enough people poking around in the source that the odds of getting away with a trojan are too low to make it worth doing. If it was being done at least one trojan would have been spotted by now.
> So the build machines could never possibly get hacked to compile with > different code than what is in a source package? They could be, but the autobuilders are frequently fiddled with. Such a break-in would soon lead to breakage which in turn lead to the break-in being discovered. > Or that a government that murders people... I.e., the usual kind. > ...wouldn't consider an OS that millions of people use worth looking > at? Court orders (or just men with guns from governments that don't bother with courts) are sufficient to get them what they want from commercial servers, which is all they care about. Governments just don't give a damn about your desktop. Sorry if that bruises your ego. They may be interested in your email and Websurfing in the unlikely event that you are a "person of interest", but they can get that from your provider. -- John Hasler jhas...@newsguy.com Elmwood, WI USA -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zjukbxcm....@thumper.dhh.gt.org
