On Sun, Jul 13, 2008 at 11:38 PM, John Andersen
On Sun, Jul 13, 2008 at 6:14 PM, Carlos E. R.
wrote: There is no strong web of trust in the pgp sense (face to person signing of keys). True, but with source code availability this is less needed. (Anticipating your next question, No, I don't read every line of source code. :-(
No, we simply search for a repo that contains what we want (with a search engine, perhaps), add it, answer yes to all questions. Bingo! F!
Maybe some do, but I bet most don't. I bet you don't. Usually by the time you figure out how to add repros you also figure out some of the risks.
I'm not telling there is inmediate danger, but that there could be. It scares me more than viruses, that's a fact.
That's for sure. I would think a port-open log would be a useful thing. (Outbound and Inbound). Thatway the ticking timebomb at least leaves a track when it opens a port in the wee hours and sends your database to China.
You can upload it to the opensuse wiki... that seems to go pretty unchecked, too. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org