
Re: New package management



Erik wrote:

> > About 80% of my support email comes from people who don't
> > have one or other of those installed properly or at the
> > correct location or some crap like that.

> that's the nature of support. Try following the gnome lists sometime... :)

Just because everyone finds this to be a problem doesn't mean we
can accept it as the status quo.  To the contrary - if everyone finds
that 80% of their support email is improperly installed libraries then
that just makes it even more important to make this easier.

> > Installing any kind of binary or even source package from the
> > web is an incredibly risky thing to do. I don't see that my
> > proposal really makes things that much worse.
> >
> 
> Maybe if these things were access from a central resource and only packages
> properly audited were added to this central resource, then that would add a
> little safety?

Who is going to do all this auditing?  There are 50,000 lines of code
in Tux + PLIB - who will check all of that for viruses, trojan horses,
etc.

Who will do this again and again every couple of weeks when I release
an updated version?

If *I* wanted to sneak a trojan horse into some system, I'd spread the
code over several source packages - so that PLIB itself would contain
no nasty code - and neither would Tux - but link the two together and
something evil would happen.  I'd make sure the code didn't turn itself
on for several weeks after the release date - so that just evaluating
the compiled code for problems would prove nothing.  You'd have to
read and understand every line of those 50,000 lines every two weeks.

In short, the effort to audit all the games out there would *by far*
exceed the effort to write the games in the first place.

It's simply NOT going to happen.
 
> most of your argument security-wise seems to be "it's so bad right now, this
> won't make it much worse".

Exactly.

> I don't think that's a very good ideal to aspire to,
> it's very microsoftian, imho :) I do a lot of security no-nos, I run way too
> much stuff as root, I don't audit packages or even check audits. I'm no example
> of how it should be, but, well, I like to stand around and say how it should be
> :) I can be quite useless like that. I think we should keep the ideal in mind,
> even if we don't exercise it, even if we can't make it happen overnight.
> (that's why it's an ideal, not fact, right?)

OK - but that's a problem that is completely orthogonal to the problem
of collecting all the libraries that a package needs.

If you find a mechanism to authenticate code, then whatever it is could
easily be built into the code collection and rebuilding scheme.

-- 
Steve Baker                  http://web2.airmail.net/sjbaker1
sjbaker1@airmail.net (home)  http://www.woodsoup.org/~sbaker
sjbaker@hti.com      (work)
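The last point of the message above, that an authentication mechanism could be bolted onto the library collection scheme, is illustrated by the following added example. It is not code from the original thread, from PLIB or from Tux; it assumes a signed manifest scheme (Ed25519 signature over a sorted list of package name and SHA-256 pairs) and uses constructed stand-in archives named after the two packages mentioned in the message. The collection step refuses any archive that is not pinned in the signed manifest or whose hash does not match.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Manifest pins every package the collection scheme will fetch to the
// SHA-256 of its archive. The manifest is signed as a whole, so the
// publisher vouches for the complete set of libraries, not for each
// archive in isolation (hypothetical format, not PLIB's or Tux's own).
type Manifest struct {
	Packages map[string]string // package name -> hex SHA-256 of its archive
}

// Canonical serialises the manifest deterministically (sorted by name)
// so that signer and verifier hash exactly the same bytes.
func (m Manifest) Canonical() []byte {
	names := make([]string, 0, len(m.Packages))
	for n := range m.Packages {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "%s %s\n", n, m.Packages[n])
	}
	return []byte(b.String())
}

// Sign produces the publisher's Ed25519 signature over the canonical manifest.
func Sign(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Canonical())
}

// VerifyManifest rejects a manifest whose signature does not match the
// publisher's public key; any edit to the pinned set invalidates it.
func VerifyManifest(pub ed25519.PublicKey, m Manifest, sig []byte) error {
	if !ed25519.Verify(pub, m.Canonical(), sig) {
		return errors.New("manifest signature does not verify")
	}
	return nil
}

func sha256hex(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// Collect is the check the collection scheme runs before it unpacks or
// builds anything: verify the manifest, then compare every fetched archive
// against its pinned hash. One bad archive fails the whole collection.
func Collect(pub ed25519.PublicKey, m Manifest, sig []byte, fetched map[string][]byte) ([]string, error) {
	if err := VerifyManifest(pub, m, sig); err != nil {
		return nil, err
	}
	var accepted []string
	for name, archive := range fetched {
		want, ok := m.Packages[name]
		if !ok {
			return nil, fmt.Errorf("%s: not listed in signed manifest", name)
		}
		if got := sha256hex(archive); got != want {
			return nil, fmt.Errorf("%s: sha256 %s does not match pinned %s", name, got, want)
		}
		accepted = append(accepted, name)
	}
	sort.Strings(accepted)
	return accepted, nil
}

// Demo signs a manifest for two constructed stand-in archives with a fresh
// key, collects the genuine archives, then retries with a tampered "plib".
func Demo() (accepted []string, tamperedErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	archives := map[string][]byte{ // constructed sample data, not real tarballs
		"plib": []byte("constructed stand-in for a plib source archive"),
		"tux":  []byte("constructed stand-in for a tux source archive"),
	}
	m := Manifest{Packages: map[string]string{}}
	for n, a := range archives {
		m.Packages[n] = sha256hex(a)
	}
	sig := Sign(priv, m)
	if accepted, err = Collect(pub, m, sig, archives); err != nil {
		panic(err)
	}
	tampered := map[string][]byte{
		"plib": []byte("constructed stand-in for a plib source archive, altered in transit"),
		"tux":  archives["tux"],
	}
	_, tamperedErr = Collect(pub, m, sig, tampered)
	return accepted, tamperedErr
}

func main() {
	accepted, tamperedErr := Demo()
	fmt.Println("accepted:", accepted)
	fmt.Println("tampered run:", tamperedErr)
}
```

This only answers the question the message actually separates out: it proves that the archives being collected are the ones the publisher signed and that they were not altered on the way. It says nothing about whether the publisher's code is trustworthy, which is the auditing problem the earlier part of the message argues is impractical.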