On 11/12/09 20:51, Marcus Meissner wrote:
Have you read and understood what was stated in that kubuntu forum posting?
Have you understood what I am asking/questioning here?
Novell/openSUSE has pushed out the development of oS unto "the community" - the "Build Service" - and any upgrades to the oS are installed with zypper or YaST which ask for root privileges before being implemented.
As far as I am aware Novell/openSUSE have no way of checking the benevolence of what is produced in BS - except by user peer-review. And by the time the review is made the damage to some system is done -- but Linux keeps claiming, or at least not coming forward to dispel the impression, that users hold that Linux is not vulnerable to security breaches.
For sources to be included in the openSUSE Factory and openSUSE release they have to pass 2-3 review steps.
- The packager itself who submits the package.
(You probably assume he might be malicious).
NEVER! Wouldn't dream of doing this....unless it is a nightmare :-) .
- The reviewing maintainer in the Development Projects of openSUSE Factory.
- The build team who finally checks in the sources into openSUSE Factory.
Things could be slipped by those 2 additional reviewers with enough subterfuge or obfuscation.
The rest of the openSUSE buildservice repositories are of course under the control of the people maintaining those projects/repos.
So if you install stuff from home:kevinmitnick:something the "kevinmitnick" user is totally in control of what is contained there, be it evil or good. We (as openSUSE project or Novell) do not control that.
So in the end you should apply varying degrees of trust to different OBS projects.
Ciao, Marcus
Many thanks, Marcus, for your response. Taking into account all that you said above, the most important thing which I would like to pin down is: is the claim that Linux is 'secure' and is "unhackable" and that while MS and Mac are vulnerable to hackers etc something like openSUSE is NOT - unless, of course, a Windows emulator is being run on the OS in which case of course normal security crappola used for Windows has to be taken to avoid viruses, trojans, etc and etc and etc.
From your response, and from other responses I have read, it seems that all these responses are skirting around this very basic question of security: is openSUSE impenetrable or not?
OK, the Packager, the Development Project team member, the Build Team can each cock-up and let through a "nasty". Fine. But are you implying that if this should happen then the Linux system we are running is not as wonderful as it is made out to be by some people and can, therefore, suffer the same hernia as any MS or Apple OS now can suffer from malware?
Yep, I've heard the arguments that Linux is now safe simply because all the attention is being paid to MS/Mac systems because they are the most popular, bs, bs, bs - but that Linux OSs are immune from all the "nasties" which plague the MS/Mac OSs. Yep, and I also have heard that there is no system which cannot be penetrated and that while at the moment things are "safe" there is nothing to say that a week, or so, from now someone will not come up with a way to circumvent security. However, with Linux, because there are many, many eyes examining the code - unlike the proprietary OSs - Linux OSs remain and will remain 'secure'.
But the bottom line is: have we been all living with the misconception put about by Linux fanatics that Linux systems are secure, unlike MS/Mac systems, and therefore we can go to sleep peacefully every night without a worry in the world? :-)
BC
(PS. Somehow I feel that we have had a similar 'conversation' some time ago (~2 years ago?))
--
If you don't succeed you run the risk of failure.