[linux-elitists] distributing software securely (was: DJB ruckus du jour)

john spurling synec@nakedlunch.org
Thu Nov 14 12:30:48 PST 2002


On Thu, Nov 14, 2002 at 06:55:04PM +0100, Magnus Bodin wrote:
> On Thu, Nov 14, 2002 at 07:55:18AM -0800, john spurling wrote:
> > > 
> > > And draw your own conclusions about external dependencies and the
> > > minimization of risk.
> > 
> > djb did not invent static linking. behold:
> 
> I checked the code. djbdns is not linked statically.
> It simply uses fewer external libraries.
> 
> So the conclusion is?

the conclusion is that the object files get rolled into the binary
directly instead of linking with a library, which djb also didn't
invent. also, he seems to reinvent the wheel a lot. 

this is all irrelevant, anyway, because the point of spawning this new
thread was to discuss the security implications of distributing *the
same* software as binary versus source. i brought it up because ports
fans often cite building from source as a security benefit, and i
wanted to see if i was missing anything in pointing out that building
from source has more dependencies than a standalone binary, but the
integrity of both can be verified equally well.

-- 
"a still tongue makes a happy life."
		--the prisoner


