Time for Open-Source to Grow Up

Time for Open-Source to Grow Up
Jon Lasser, 2002-08-07

The OpenSSH backdoor demonstrates that the community must get pragmatic about package verification, and fast.

Expand all | Post comment

Time for Open-Source to Grow Up 2002-08-07
Not Really Anonymous

Is it really so inmature? 2002-08-08
Javier Fernandez-Sanguino (1 replies)

Is it really so inmature? 2002-08-08
Jon (1 replies)

Is it really so inmature? 2002-08-11
Not Really Anonymous

Time Time to Grow UP? NO! Time to quit acting like children! There is a difference. 2002-08-09
Axe-2-Grind

Time for Open-Source to Grow Up 2002-08-09
Anonymous

PGP is still the answer 2002-08-10
Sloppy

Stick to PGP 2002-08-11
Anonymous (2 replies)

Stick to PGP 2002-08-12
Anonymous

Stick to PGP 2002-08-14
Anonymous

PGP is easy to check. So are MD5. Any verification is easier than fixing a disaster later. I personally prefer a PGP sig, with the key at some well known location. Anyone who is using the key on the provider site is probably the same person who would reset their root password when the "OS vendor" called and asked them to do so. Of course, we first need to get providers to understand this concept.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/101/16152#16152

Why is SMP a requirement for busy download sites? 2002-08-14
Anonymous

Time for Open-Source to Grow Up 2002-08-16
Anonymous