Date: Mon, 12 Mar 2018 13:55:10 -0700 From: Yuri <yuri@rawbw.com> To: Adam Weinberger <adamw@adamw.org> Cc: "ports@freebsd.org" <ports@freebsd.org>, ports-secteam@freebsd.org Subject: Re: sysutils/ipfs-go downloads pre-built binaries while sources are available Message-ID: <4f70cd4f-6c19-8651-4362-0db3e3398158@rawbw.com> In-Reply-To: <B7C49CA0-0C1C-4829-ABE1-FA0629FC355C@adamw.org> References: <d69ab122-00be-6ed5-cd01-673003700695@rawbw.com> <B7C49CA0-0C1C-4829-ABE1-FA0629FC355C@adamw.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/12/18 13:42, Adam Weinberger wrote: > While source is preferred over binary, we don’t delete ports just > because they have binary blobs. Binary downloads have an entirely different trust model. You have to trust the producer of the binary, vs. with source code it is much more obvious what does it do. Neglect or misunderstanding of this difference leads to rampant spread of malware on Windows and cell phones. Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4f70cd4f-6c19-8651-4362-0db3e3398158>