Nicholas,

Vigorito, Nicholas E. wrote:
> You are trusting that someone built the binaries directly from the
> source code without any additional modification or back-doors built in.

True. But then again, you are trusting commercial companies to do the same. Also, are you really going to read every source file to make sure that there are no back doors built-in? If you trust the source, why not trust the binary?

You can always make sure that a mirror isn't serving a Trojan'd binary by comparing the digital signature of the file you download with the official signature on the Tomcat website.

> Also building from the source allows you to either specify the default
> build or add/subtract modules/functionality that you want or don't want.

This guy must be a Gentoo fan ;) (Seriously, though, I love Gentoo.)

Tomcat pretty much has no optional components. Sure, there are lots of Valves and stuff not enabled by default, but their presence doesn't slow anything down since they're not active. I suppose you could argue that few could save a few megabytes of disk space by removing some of the unused portions, but it's really just not worth it.

> The only sys admins I know of that install from binaries on Linux
> machines are the lazy ones or the ones that have no clue what they are
> doing.

Heh. Building from source can be seriously tedious, especially when your package management utility isn't designed to do it gracefully (apt-get: I'm looking at /you/). Any system administrator that just downloads tarballs and builds/installs from them is seriously wasting their time.

> I would never install open source from binaries on a machine I did not
> want someone to break into.

Sounds like rampant paranoia to me.

Want my advice? Install Tomcat as a binary package. You get no benefit whatsoever from compiling it yourself IMO. Tell your sysadmin friend that he can build you a binary once he finishes his code audit of the source he downloads.

-chris
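
Added example, not part of the original message: a Python sketch of the mirror check described above, done with a SHA-512 digest rather than the OpenPGP signature. It assumes the checksum text was obtained from the official site and not from the mirror; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

DIGEST_HEX_LEN = {"sha256": 64, "sha512": 128}


def parse_expected(checksum_text, algo="sha512"):
    """Pull the hex digest out of 'HEX  name', 'HEX *name', a bare
    digest, or the BSD form 'SHA512 (name) = HEX'."""
    want = DIGEST_HEX_LEN[algo]
    for token in re.split(r"[\s=]+", checksum_text.strip()):
        if len(token) == want and re.fullmatch(r"[0-9a-fA-F]+", token):
            return token.lower()
    raise ValueError("no %s digest found in checksum text" % algo)


def file_digest(path, algo="sha512"):
    """Hash the file in 1 MiB chunks so large tarballs are not loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, checksum_text, algo="sha512"):
    """True only if the file matches the digest from the trusted source."""
    expected = parse_expected(checksum_text, algo)
    return hmac.compare_digest(file_digest(path, algo), expected)


def demo():
    """Constructed data: a 'genuine' archive and a copy with bytes appended."""
    genuine = b"constructed stand-in for a release tarball\n" * 1000
    published = hashlib.sha512(genuine).hexdigest() + " *release.tar.gz\n"
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "good.tar.gz"), os.path.join(d, "bad.tar.gz")
        with open(good, "wb") as f:
            f.write(genuine)
        with open(bad, "wb") as f:
            f.write(genuine + b"appended by a constructed bad mirror")
        return verify_download(good, published), verify_download(bad, published)


if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that the file equals what the checksum source describes; an OpenPGP check with `gpg --verify` against the project's published keys additionally ties the file to the signer.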