Le Vendredi 28 Septembre 2001 09:57, IT3 Stuart B. Tener, USNR-R a écrit : > > Perhaps you will feel compelled to publish your RPM generating scripts There is no unpublished "RPM generation script". Each RPM build is controlled by a ".spec" file that describes what sources and patches are required, how to install the sources and apply the patches, how to compile, and what to include in the final binary RPM, plus possible installation scripts that should be executed before or after the installation of the binary RPM. For each RPM package I have made, I have provided in the SRPMS directory of the FTP site the ".src.rpm" file that includes all the sources and scripts used in building the RPM, and that includes the .spec file. If you take one of these .src.rpm files and install it on your system, you will find that all the needed sources will be installed in your /usr/src/RPM/SOURCES directory, while the .spec files will be installed in the /usr/src/RPM/SPECS directory. Starting from there, you can recompile your own binary RPMs for yourself (using the "rpm -ba <specfile> command") or perform any changes you wish in the .spec file and sources, i.e. for adding your own patches or source modification, and recreate RPMs from there. So, there's no secret and I haven't kept any single byte of code or script for myself, which wouldn't be on the FTP site. > I am still curious, how Microsoft is able to distribute their operating > system with crypto APIs in it, and Linux is not! This is crazy! What are we > doing wrong? Actually, most Linux distros already come with quite a lot of crypto stuff. Mandrake, for example, comes with GnuPG, OpenSSL, SSH, IPSec, etc... But Mandrake doesn't yet include the cryptoapi, and that's why I created these additional RPM packages. Let's hope that the next official Mandrake release will include it as well. There's no "better crypto" in MS products compared to what you can find in Linux distros, and I wouldn't rely a single second on "MS crypto" which is provided without source code and that many peope consider to be probably insecure or backdoored. On the other hand, all crypto included in Linux is Open Source code, the complete sources are provided, and if ever you do not trust the crypto binairies provided, you are free to review source code by yourself, and recompile your own binaries on your own system. And that is *much* preferable from a security standpoint. Regards. -- Michel Bouissou - OpenPGP DH/DSS ID 0x5C2BEE8F michel@xxxxxxxxxxxx Faites plaisir à votre ordinateur: Offrez-lui un pingouin ! Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
