12 Jan
2007
12 Jan
'07
04:23
On Thursday 11 January 2007 8:59 pm, James Knott wrote:
#1 How can I know that the software that I install is the same as what the source is?
Compile from source.
Many years ago Ken Thompson (or maybe it was Dennis Ritchie) gave the ACM Turing Lecture on, essentially, coding tricks. He showed how it was possible to booby-trap a compiler using repeated bootstraps in such a way that the compiler was corrupted, yet its visible source code was clean. Recompiling the compiler would retain the corruption. And such a corrupted compiler could do anything, of course. Paul -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org