synth documentation
John Marino
freebsdml at marino.st
Wed Feb 10 09:11:29 UTC 2016
On 2/10/2016 10:01 AM, Kurt Jaeger wrote:
> Hi!
>
>> I'm racking my brains and I can't find a single rational reason why
>> somebody would refuse the package (especially if building it on an Atom
>> is the alternative).
>
> The famous paper from Ken Thompson: Reflections on trusting trust
>
> http://dl.acm.org/citation.cfm?doid=358198.358210
>
The source is publicly available on GitHub. The only way that Thompson
paper could apply is if a trojan is inserted at the FreeBSD package
builder level.
So I guess [A] could say FreeBSD package builder is compromised
(intentionally by FreeBSD project or unknown to all due to a hacker). And
I guess that could be possible, but the counter is: If you can't trust
packages built by FreeBSD, how can you trust the FreeBSD base not to
have a trojan?
Which would mean that only the people that *also* build FreeBSD from
source would have a leg to stand on.
So I will concede that case: If you accept no binaries at all from
FreeBSD and only build base and packages from source, then you have a
point. But still the response, "Then don't complain" applies. It's a
conscious decision and consequences of decisions must be accepted.
Besides, this theoretical person will have a lot more issues than lil'
ole Synth. It will be in the noise compared to LibreOffice, webkit
(x5), kde, etc.
John