
Re: gEDA-user: On the nitty-gritty of user-experienced problems



On Fri, Jan 14, 2005 at 05:52:09PM -0600, Igor Izyumin wrote:
> Karel Kulhavy wrote:
> 
> >A binary package is a security hole. Someone can put malicious code
> >into the binary and no one will notice.
> > 
> >
> Unless you read every line of source code in a package every time you 
> download it, the same applies.  Actually, running the binary is a little 

It suffices when it is subject to public scrutiny. When you put malicious
code in, someone notices. When you put malicious code into a binary package no one
notices (unless the code actually starts to do something).

> less risky.  You generally don't run the program as root, but if you 
> compile from source you have to do 'make install' as root.  Those 
> install scripts can do just about anything to a system.

But they are subject to public scrutiny.

> 
> >Malicious code in source code is obvious.
> > 
> >
> Really?  I guarantee you that any programmer worth his salary could hide 
> a backdoor in some source code that would be very difficult to find.
> 
> >Binary packages run slower because they are not optimized for the particular
> >processor. I have noticed about a 2 times speedup between compiled GCC
> >and binary GCC. I don't want to buy a 3.6GHz system. I'll stick with
> >my 1.8GHz one.
> > 
> >
> The difference is not perceptible, except in multimedia-intensive 

The difference is clearly perceptible in GCC. GCC is not a multimedia-intensive
application.

> applications.  I am willing to bet that the reason your compiled GCC is 
> faster is simply because it's a different version.

This is another thing: the software in distributions tends to be horribly
obsolete. Often there is news about security vulnerabilities in the
press, and when I examine my version I discover I have already installed the
fixed one despite the fact that I installed my program long ago.

> 
> >Tried various distros, it was always disaster.
> > 
> >
> I never had any major problems with my distro (Mandrake).  Of course, 
> the best way to muck up any Linux installation is by carelessly 
> installing different libraries, as you seem to be fond of doing.  If you 
> stick to distribution-provided core packages, you will be fine.

gEDA and PCB are not core packages, so I am not going to be fine.

Cl<