etoys now available in Debian's non-free repository

Frank Ch. Eigler fche at redhat.com
Sat Jun 21 08:47:40 EDT 2008


Hi -

On Sat, Jun 21, 2008 at 12:41:52PM +0200, Bert Freudenberg wrote:
> [...]
> >(Sorry, this is probably OT for this list.)  Considering the age of
> >this smalltalk-derived image, is there some reason to be convinced
> >that it contains no code/data other than that could be regenerated
> >from sources today? [...]

> [...] The images contains instances that were created interactively
> for which there is no source code. I'm not entirely sure how many of
> these instances there are, but it's not only a few for sure. It
> would be a huge undertaking, for no obvious benefit than to satisfy
> those who erroneously believe source code must come in text
> files. [...]

I was trying to hint at another (non-"quaint") reason for that.  How
could someone be sure that such an image contains no malware; no
hidden code that only pretends to run the embedded source code?  This
is one of the fundamental benefits of bootstrapping: one knows exactly
what's in there.


> [...] Anyway, the Debian ftpmasters [...]  were concerned about how
> to be sure what changed from one image to the next. Squeak comes
> with all the necessary tools built into it, but this does not work
> well with their established work flow.

Plus it requires them (and users) to run the tools embedded into the
possibly suspect image in order to describe itself.  Do you see how
there could be a trust problem there?


- FChE



More information about the Devel mailing list