[Slackbuilds-users] Corcern about sources' procedence

Klaatu notklaatu at straightedgelinux.com
Thu Jun 9 15:11:08 UTC 2011


There's no need to follow links from SlackBuilds.org for anything more than 
the SlackBuild itself, which you can audit and verify manually.  Proceed to 
your trusted site for the source code, grab the source, edit the SlackBuild 
script as needed, and build. 

I guess the larger issue, really, as Ben I think is saying, how do you know 
ANY source code you download is trustworthy?  As Ken Thompson says in Ben's 
link (great article, btw, thanks for the link Ben)  "The moral is obvious. You 
can't trust code that you did not totally create yourself."

-- klaatu



On Thursday, June 09, 2011 10:43:27 am Niels Horn wrote:
> On Thu, Jun 9, 2011 at 8:40 AM, Bradley D. Thornton
> 
> <Bradley at northtech.us> wrote:
> > I don't think a black hat would have bothered me as much as a *red* one
> > Niels ;)
> 
> Red Hat? No I'd never use such a thing... :-)
> 
> --
> Niels
> _______________________________________________
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> http://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
> Archives - http://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - http://slackbuilds.org/faq/


More information about the SlackBuilds-users mailing list