etoys now available in Debian's non-free repository

Frank Ch. Eigler fche at redhat.com
Sat Jun 21 14:57:52 EDT 2008


Hi -

On Sat, Jun 21, 2008 at 02:50:59PM -0400, Jim Gettys wrote:
> > Plus it requires them (and users) to run the tools embedded into the
> > possibly suspect image in order to describe itself.  Do you see how
> > there could be a trust problem there?
> 
> Note this is no different than any time you use a compiler binary
> provided by someone else...  The attack is just as complete...
> http://cm.bell-labs.com/who/ken/trust.html

If that's the best attempt to reassure etoys users/packagers, no
wonder the debian people are balking.  The Thompson Trojan is a
noteworthy idea, but surely you see the wholly different degree of
paranoia we're talking about when we're asked to trust a decades-old
virtual machine image as compared to a bootstrappable system.

- FChE



More information about the Devel mailing list