On 05/16/2011 02:46 PM, Les Mikesell wrote:
> On 5/16/2011 1:43 PM, John R Pierce wrote:
>> On 05/16/11 11:24 AM, Les Mikesell wrote:
>>> it is somewhat unsettling to think that the
>>> project itself considers that to be a problem.
>>
>> consider what might happen if a core build server for a project as
>> widely used as centos gets penetrated and carefully targeted to slip
>> trojans unnoticed into the final product.... this would be a holy grail
>> to the sort of international espionage that is taking place today.
>>
>> be scared, be very scared.
>
> Yes, but assuming they eat their own dog food and are running the same
> thing we are, if their servers are penetrated, yours will too even
> before whatever they are building ships. And it is something that
> debian seems to be able to handle. In any case, with full automation it
> would be easy enough to duplicate the final build on a trusted server
> and compare the results before distribution. Or for someone else to do
> it to verify from an outside perspective.
>

There is not a server in the world that I could not break into if I was on the same subnet ... and I am not even that smart.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
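
The rebuild-and-compare check suggested in the quoted message, as an added example (not code from the thread or from the CentOS project): hash every artifact in the official build tree and in an independent rebuild, then report anything that differs or exists on only one side. The function names, directory layout and file contents are constructed, and the check assumes the build is reproducible byte for byte, which embedded timestamps or signatures would otherwise break.

```python
import hashlib
import tempfile
from pathlib import Path

def digest_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    # read_bytes() loads a whole file; fine for packages, chunk it for ISOs.
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_builds(official_dir, rebuild_dir):
    """Report artifacts that differ or that exist on only one side."""
    official = digest_tree(official_dir)
    rebuild = digest_tree(rebuild_dir)
    return {
        "mismatched": sorted(p for p in official.keys() & rebuild.keys()
                             if official[p] != rebuild[p]),
        "only_official": sorted(official.keys() - rebuild.keys()),
        "only_rebuild": sorted(rebuild.keys() - official.keys()),
    }

def release_ok(report):
    """Allow distribution only when both trees are identical."""
    return not any(report.values())

def write_file(root, rel, data):
    """Helper for the constructed sample trees below."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    # Constructed sample: 'official' stands in for the build server output,
    # 'rebuild' for the same sources built on a separate trusted host.
    with tempfile.TemporaryDirectory() as official, \
         tempfile.TemporaryDirectory() as rebuild:
        write_file(official, "os/pkg-a.rpm", b"identical on both hosts")
        write_file(rebuild, "os/pkg-a.rpm", b"identical on both hosts")
        write_file(official, "os/pkg-b.rpm", b"clean build plus extra bytes")
        write_file(rebuild, "os/pkg-b.rpm", b"clean build")
        write_file(official, "os/pkg-c.rpm", b"shipped, never rebuilt")
        return compare_builds(official, rebuild)

if __name__ == "__main__":
    report = demo()
    print(report, "release_ok =", release_ok(report))
```

An artifact listed under "only_official" matters as much as a mismatch: it is something the build server shipped that the trusted rebuild never produced.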