Time for Open-Source to Grow Up

Time for Open-Source to Grow Up
Jon Lasser, 2002-08-07

The OpenSSH backdoor demonstrates that the community must get pragmatic about package verification, and fast.

Expand all | Post comment

Time for Open-Source to Grow Up 2002-08-07
Not Really Anonymous

Is it really so inmature? 2002-08-08
Javier Fernandez-Sanguino (1 replies)

Is it really so inmature? 2002-08-08
Jon (1 replies)

Is it really so inmature? 2002-08-11
Not Really Anonymous

Time Time to Grow UP? NO! Time to quit acting like children! There is a difference. 2002-08-09
Axe-2-Grind

Time for Open-Source to Grow Up 2002-08-09
Anonymous

PGP is still the answer 2002-08-10
Sloppy

Stick to PGP 2002-08-11
Anonymous (2 replies)

I check PGP signatures.

Any responsible sysadmin will validate a package, and PGP is not difficult to use in that regard. Sysadmins who download packages and don't verify them should "grow up".

Honestly, I wouldn't even know how to validate the certificates you talk about. PGP is fairly straightforward.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/101/16116#16116

Stick to PGP 2002-08-12
Anonymous

Stick to PGP 2002-08-14
Anonymous

Why is SMP a requirement for busy download sites? 2002-08-14
Anonymous

Time for Open-Source to Grow Up 2002-08-16
Anonymous