[linux-elitists] distributing software securely (was: DJB ruckus du jour)
Thu Nov 14 12:30:48 PST 2002
On Thu, Nov 14, 2002 at 06:55:04PM +0100, Magnus Bodin wrote:
> On Thu, Nov 14, 2002 at 07:55:18AM -0800, john spurling wrote:
> > >
> > > And draw your own conclusions about external dependencies and the
> > > minimization of risk.
> > djb did not invent static linking. behold:
> I checked the code. djbdns is not linked statically.
> It simply uses fewer external libraries.
> So the conclusion is?

the conclusion is that the object files get rolled into the binary
directly instead of linking with a library, which djb also didn't
invent. also, he seems to reinvent the wheel a lot.

this is all irrelevant, anyway, because the point of spawning this new
thread was to discuss the security implications of distributing *the
same* software as binary versus source. i brought it up because ports
fans often cite building from source as a security benefit, and i
wanted to see if i was missing anything in pointing out that building
from source has more dependencies than a standalone binary, but the
integrity of both can be verified equally well.

"a still tongue makes a happy life."