In the old days... with rn or perl etc... the stuff was posted via the
Usenet and through comp.sources.unix -- so I knew it had lots of eyes
checking it, uudecoding it and building it.

Any idiot can put something out in an email now as an attachment or on a
website.

The problem is you used to trust people more because the net was less open
and more a group of folks with shared interests. There were a lot less of
the hacker dudes out there looking to do the digital equivalent of tag my
site with graffiti.

I regularly gave out access to my personal machines including root to folks
I trusted. Telnet access, uucp access. No ssh. The slow speed meant that
there were few dial-up dictionary attacks.

Most of the locals knew each other by reputation.

It's a much uglier world out there.

Bill

On 3/9/07, Richard <legalize at xmission.com> wrote:
> In article <200703091536.KAA06677 at Sparkle.Rodents.Montreal.QC.CA>,
> der Mouse <mouse at rodents.montreal.qc.ca> writes:
>
> > This is why I called it "a security
> > nightmare waiting to happen".
>
> But this would be true of any open source software with backdoors
> potentially hidden deep in the implementation.
>
> Honestly, when you get a new sendmail distribution or any other CUSP,
> do you do a code review of the entire source? I doubt it. Somewhere
> along the line you have to establish some trust.
> --
> "The Direct3D Graphics Pipeline" -- DirectX 9 draft available for download
> <http://www.xmission.com/~legalize/book/download/index.html>
> Legalize Adulthood! <http://blogs.xmission.com/legalize/>