Focus on Linux
Re: How secure is the openSUSE Build Service? Nov 02 2007 01:55AM
Eduardo Tongson (propolice gmail com) (1 replies)
Re: How secure is the openSUSE Build Service? Nov 06 2007 07:40AM
Thomas (tom electric-sheep org) (2 replies)
Re: How secure is the openSUSE Build Service? Nov 07 2007 01:18AM
Eduardo Tongson (propolice gmail com) (1 replies)
Re: How secure is the openSUSE Build Service? Nov 07 2007 06:16AM
Thomas (tom electric-sheep org) (1 replies)
Re: How secure is the openSUSE Build Service? Nov 07 2007 07:52PM
Greg Metcalfe (metcalfegreg qwest net) (1 replies)
On Tuesday 06 November 2007 10:16:49 pm Thomas wrote:
> Am Mittwoch 07 November 2007 schrieb Eduardo Tongson:
> > Aniruddha was asking which is safer. There is a difference between 3rd
> > party repositories and official repositories. If you do not trust the
> > distribution's official repositories your alternative would be Linux
> > from Scratch and individually checking source tarballs.
>
> Which is - of course - very impracticable. :)
>
> I think it is *not* less secure. In the case of OSS it doesn't matter
> anymore. When you trust several thousands developers around the globe,
> hundreds of CVS, SVN, rsync, FTP, HTTP servers used for development and
> dozens of distribution then *one* additional layer in the distribution
> process doesn't really matter.
>
> It is a matter of trust and not a matter of security.

A matter of trust, not security?!?

That's the most bizarre thing I've heard this week, and it's been a very
strange week. Security is fundamentally about trust, from the very basis of
how we even attempt to build secure systems--cryptographic primitives such as
hash functions.

Go back to fundamentals. What's the purpose of a password? To enable *trust*
that Alice really is Alice.

[ reply ]
Re: How secure is the openSUSE Build Service? Nov 12 2007 09:39AM
Thomas (tom electric-sheep org)
Re: How secure is the openSUSE Build Service? Nov 06 2007 07:41PM
Greg Metcalfe (metcalfegreg qwest net)


 

Privacy Statement
Copyright 2010, SecurityFocus