Bruce,
> Note that Red Hat, Caldera, etc. are just as liable to pick up and compile
> a package whose author built in a booby-trap.
IMHO, Red Hat, Slackware, Irix, SunOS, Solaris, HPUX are NOT AS
LIKELY to INSTALL a booby-trapped package. Since extraction, compilation,
and testing are nominally done by an unprivelaged user (e.g. tool.bin)
before privelages are granted, a booby-trap has to be clever enough to pass
the fitness of purpose testing done by the tool manager.
Users, groups, and permissions are used like doors. They separate
the bearer bonds (behind the safe door) from the silverware (in the fancy
chest) and the phone book (lying on the counter). They separate the food
(kitchen) from the pesticides (garage). Valuables like pap-secrets
are protected behind superuser privelages. Good stuff (like internet
access) may be protected by user privelages. The home page may be
unprotected.
> We are working on this problem
> by establishing a standard for authors to use when signing their software,
> and we will work to get authors into the PGP web of trust through our
> certification authority or other means (like having a local Debian developer
> check them out) so that we can trace software all the way back to the
> original author.
Author traceability is good, but a central certification authority
implies either a substantial barrier to entry (the cost of certification
process reliable enough for valuables), or a risk of forgery too high to
protect valuables.
Author certificates are like badges. Without doors
(or with everything from the company advertising calendars to the payroll
cash in one room) they are useless.
Thank you,
--
Robert Meier
FANUC Robotics North America, Inc. Internet: [EMAIL PROTECTED]
Voice: 1-810-377-7469 Fax: 1-810-377-7363
