[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Axiom-developer] RE: Bootstrapping
From: |
Jay Belanger |
Subject: |
Re: [Axiom-developer] RE: Bootstrapping |
Date: |
Thu, 10 Nov 2005 09:57:23 -0600 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
"Bill Page" <address@hidden> writes:
...
> It must be the approaching Winter season or maybe it is this pain
> in my back that wont go away anymore, but I seem to be disagreeing
> with almost everyone here lately... :(
I don't think that's right.
(Sorry.)
> I believe that such an attack is technically possible, but I
> disagree strongly that therefore there is a good reason to suspect
> all binaries.
Tainted binaries are rare, but they do exist. Trying to avoid them
seems like common sense.
(Tainted sources also exist, but they get spotted easier.)
There's an old saying (Finlay Peter Dunne)
Trust everyone, but cut the cards.
Not relying on binaries is, if nothing else, cutting the cards.
>> > Not in light of things like Ken Thompson's proposed attack.
>> > Security people may be paranoid, but on the internet paranoia
>> > is a virtue.
>
> No. Paranoia is a disease, like depression. It is a social/medical
> condition that needs to be treated.
...
>> For a sysadmin, the absence of paranoia is called professional
>> incompetence.
>
> I think your colleague does not have a clear understanding of
> security.
I think you're taking "paranoia" too literally.
But you might disagree. (See above.)
Jay
- [Axiom-developer] bootstrapping (was: letting my mud settle), (continued)
- [Axiom-developer] bootstrapping (was: letting my mud settle), Bill Page, 2005/11/09
- [Axiom-developer] Bootstrapping, C Y, 2005/11/09
- [Axiom-developer] RE: Bootstrapping, Bill Page, 2005/11/09
- [Axiom-developer] RE: Bootstrapping, C Y, 2005/11/09
- Re: [Axiom-developer] RE: Bootstrapping, Andrey G. Grozin, 2005/11/10
- RE: [Axiom-developer] RE: Bootstrapping, Bill Page, 2005/11/10
- RE: [Axiom-developer] RE: Bootstrapping, C Y, 2005/11/10
- [Axiom-developer] security and trust in Axiom (was: Bootstrapping), Bill Page, 2005/11/10
- Re: [Axiom-developer] security and trust in Axiom (was: Bootstrapping), root, 2005/11/10
- RE: [Axiom-developer] security and trust in Axiom (was: Bootstrapping), Bill Page, 2005/11/10
- Re: [Axiom-developer] RE: Bootstrapping,
Jay Belanger <=
- Re: [Axiom-developer] RE: Bootstrapping, Andrey G. Grozin, 2005/11/10
- Re: [Axiom-developer] letting my mud settle, Mike Dewar, 2005/11/09
- RE: [Axiom-developer] letting my mud settle, Bill Page, 2005/11/09
- Re: [Axiom-developer] letting my mud settle, root, 2005/11/09
- RE: [Axiom-developer] letting my mud settle, Bill Page, 2005/11/09
- Re: [Axiom-developer] letting my mud settle, Mike Dewar, 2005/11/09
- Re: [Axiom-developer] Terms of Surrender (was: BAD tim), William Sit, 2005/11/08
- Re: [Axiom-developer] Terms of Surrender (was: BAD tim), C Y, 2005/11/08
- Re: [Axiom-developer] Terms of Surrender (was: BAD tim), William Sit, 2005/11/07
- RE: [Axiom-developer] Terms of Surrender (was: BAD tim), Bill Page, 2005/11/06