[4929] in cryptography@c2.net mail archive
RE: Could Open Source Software Help Prevent Sabotage? (fwd)
daemon@ATHENA.MIT.EDU (Damien Miller)
Tue Jun 22 11:02:54 1999
Date: Tue, 22 Jun 1999 10:09:08 +1000 (EST)
From: Damien Miller <dmiller@ilogic.com.au>
To: Michael Cervantes <mcervantes@netspeak.com>
Cc: "'cryptography@c2.net'" <cryptography@c2.net>
In-Reply-To: <E299274A3F18D211B9E700600805A01D0159D373@crash>
On Mon, 21 Jun 1999, Michael Cervantes wrote:
> Most open source software is distributed in a tar file with just makefiles,
> docs, and source. You compile the object directly from the source code that
> is provided. However, binary packages are becoming more common as package
> management apps like Redhat's RPM become ubiquitous, and it is important
> that sys admins recognize the significance of this.
RPMs and other modern binary package formats include signatures
(PGP in RPM's case).
In most cases you can also obtain source packages. In RPM's case
a source package consists of a "pristine" source archive, zero or
more patches to the source and a "spec" file which describes
the package and build procedure.
Having the modification separate from the original source, and
thus the ability to verify the integrity of the original source
helps quite a bit.
Regards,
Damien Miller
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.ilogic.com.au/~dmiller
| Email: dmiller@ilogic.com.au (home) -or- damien@ibs.com.au (work)
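
The check this layout makes possible, as an added example that is not part of the original message: read the Source and Patch tags from the spec file of an unpacked source package, compare each pristine archive against a digest published by upstream, and list the patches separately for review. The function names, the sample package and the use of a SHA-256 digest (in place of a PGP signature check) are assumptions, and the spec is assumed to use literal file names rather than macros.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Spec tags such as "Source0: foo-1.0.tar.gz" or "Patch1: foo-fix.patch"
TAG = re.compile(r"^(Source|Patch)(\d*)\s*:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def audit_source_package(pkg_dir, upstream_sha256):
    """Split an unpacked source package into pristine sources and patches,
    and check each pristine archive against the digest upstream published."""
    pkg_dir = Path(pkg_dir)
    spec = next(pkg_dir.glob("*.spec")).read_text()
    report = {"verified": [], "mismatch": [], "unknown": [], "patches": []}
    for kind, _num, value in TAG.findall(spec):
        name = value.rsplit("/", 1)[-1]          # Source tags may be URLs
        if kind.lower() == "patch":
            report["patches"].append(name)       # packager changes: review by hand
            continue
        digest = hashlib.sha256((pkg_dir / name).read_bytes()).hexdigest()
        expected = upstream_sha256.get(name)     # hypothetical published digest table
        if expected is None:
            report["unknown"].append(name)       # nothing to compare against
        elif digest == expected:
            report["verified"].append(name)
        else:
            report["mismatch"].append(name)      # archive is not what upstream shipped
    return report

def build_sample(tamper=False):
    """Constructed sample: an unpacked source package in a temp directory."""
    d = Path(tempfile.mkdtemp())
    upstream = b"constructed stand-in for upstream tarball bytes"
    (d / "hello-1.0.tar.gz").write_bytes(upstream + (b"\x00extra" if tamper else b""))
    (d / "hello-1.0-paths.patch").write_text("--- a/Makefile\n+++ b/Makefile\n")
    (d / "hello.spec").write_text(
        "Name: hello\nVersion: 1.0\n"
        "Source0: http://example.org/hello-1.0.tar.gz\n"
        "Patch0: hello-1.0-paths.patch\n")
    published = {"hello-1.0.tar.gz": hashlib.sha256(upstream).hexdigest()}
    return d, published

if __name__ == "__main__":
    for tamper in (False, True):
        d, published = build_sample(tamper)
        print("tampered" if tamper else "clean", audit_source_package(d, published))
```

A source archive that lands in `mismatch` differs from what upstream released even though the package as a whole may carry a valid packager signature.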