Date: Sun, 18 Mar 2001 16:37:32 -0500 From: The Babbler <bts@babbleon.org> To: Rich Morin <rdm@cfcl.com> Cc: freebsd-stable@freebsd.org Subject: Re: ports vs. packages... Message-ID: <3AB52A9C.53D6D7F7@babbleon.org> References: <3AB3C1C2.67E1AB9B@yahoo.com> <20010317125349.E22316@mollari.cthul.hu> <20010318194637.A10260@acc.umu.se> <p050019b2b6dab14856c1@[192.168.168.205]>
next in thread | previous in thread | raw e-mail | index | archive | help
Rich Morin wrote: > > At 7:46 PM +0100 3/18/01, Markus Holmberg wrote: > >Isn't there a small security advantage with building from source > >(compared to downloading packages from an untrusted party)? > > Access to the source code (and even a close examination of it) isn't > enough. See Ken Thompson's Turing Award lecture, "Reflections on > Trusting Trust": http://cm.bell-labs.com/who/ken/trust.html A fascinating paper, but not really the point that he was making. He was saying that the ports do a checksum verification of the sources, which means that as long as you trust your ports (which you frequently do since they were on the installation CD), then you don't really *have* to trust your download mirrors that much 'cause the code is being verified against the trusted checksum. But if you download a package, they could have put anything in there and you have no trusted way to verify it if you don't trust the mirror in the first place. Of course, per Mr. Thompson's paper, if you can't trust your system initially then you can't trust any changes you make to the system because some pre-existing component (like the compiler) could have a trojan implanted that will defeat any subsequent security precautions your take. But the ports still do add a modium of security. Another advantage of ports: you have the source handy. Just yesterday I had a problem with mkisofs, and while a careful reading the man page might have shown me which of the sqazillion options I needed to use to make it happy, it took about mere minutes with the source code to find it. And if I hadn't been able to find a pre-existant option, I could have hacked the source to what I wanted. (Actually, that was my original intention but luckily I found there was already a handy option.) The easy access to prepackaged auto-installing source was one of the primary reasons I switched to FreeBSD in the first place myself. That said, I'm starting to use packages more & more for lots of things. -- "Brian, the man from babble-on" bts@babbleon.org Brian T. Schellenberger http://www.babbleon.org Support http://www.eff.org. Support decss defendents. Support http://www.programming-freedom.org. Boycott amazon.com. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AB52A9C.53D6D7F7>