security projects thoughts
Arno Hautala
arno at alum.wpi.edu
Mon Apr 18 07:11:28 PDT 2011
On Mon, Apr 18, 2011 at 10:02, Bayard Bell
<buffer.g.overflow at googlemail.com> wrote:
>
> I think we need to temper how the examples are flying: an evil network operator can do egregious damage, but macports isn't exactly the thing end of the wedge for exploiting the implied level of trust.
True. Outlandish examples can be saved for extending a system once it exists.
I think my arguments at this point can boil down to looking at other
package systems. Why do they bother with signing? Are their issues
relevant to MacPorts? Are their solutions relevant to MacPorts?
--
arno s hautala /-| arno at alum.wpi.edu
pgp b2c9d448
More information about the macports-dev
mailing list