axiom-developer
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Axiom-developer] RE: Bootstrapping


From: Jay Belanger
Subject: Re: [Axiom-developer] RE: Bootstrapping
Date: Thu, 10 Nov 2005 09:57:23 -0600
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

"Bill Page" <address@hidden> writes:
...
> It must be the approaching Winter season or maybe it is this pain
> in my back that wont go away anymore, but I seem to be disagreeing
> with almost everyone here lately... :(

I don't think that's right.
(Sorry.)

> I believe that such an attack is technically possible, but I 
> disagree strongly that therefore there is a good reason to suspect
> all binaries.

Tainted binaries are rare, but they do exist.  Trying to avoid them
seems like common sense.
(Tainted sources also exist, but they get spotted easier.)
There's an old saying (Finlay Peter Dunne)
  Trust everyone, but cut the cards. 
Not relying on binaries is, if nothing else, cutting the cards.

>> > Not in light of things like Ken Thompson's proposed attack. 
>> > Security people may be paranoid, but on the internet paranoia
>> > is a virtue.
>
> No. Paranoia is a disease, like depression. It is a social/medical
> condition that needs to be treated.
...
>> For a sysadmin, the absence of paranoia is called professional 
>> incompetence.
>
> I think your colleague does not have a clear understanding of
> security.

I think you're taking "paranoia" too literally.

But you might disagree.  (See above.)

Jay




reply via email to

[Prev in Thread] Current Thread [Next in Thread]