etoys now available in Debian's non-free repository
Frank Ch. Eigler
fche at redhat.com
Sat Jun 21 14:57:52 EDT 2008
Hi -
On Sat, Jun 21, 2008 at 02:50:59PM -0400, Jim Gettys wrote:
> > Plus it requires them (and users) to run the tools embedded into the
> > possibly suspect image in order to describe itself. Do you see how
> > there could be a trust problem there?
>
> Note this is no different than any time you use a compiler binary
> provided by someone else... The attack is just as complete...
> http://cm.bell-labs.com/who/ken/trust.html
If that's the best attempt to reassure etoys users/packagers, no
wonder the Debian people are balking. The Thompson Trojan is a
noteworthy idea, but surely you see the wholly different degree of
paranoia we're talking about when we're asked to trust a decades-old
virtual machine image as compared to a bootstrappable system.
- FChE