[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: gEDA-user: On the nitty-gritty of user-experienced problems

To: geda-user@xxxxxxxx
Subject: Re: gEDA-user: On the nitty-gritty of user-experienced problems
From: Karel Kulhavy <clock@xxxxxxxxxxxxx>
Date: Sat, 15 Jan 2005 07:53:24 +0000
Delivered-to: archiver@seul.org
Delivered-to: geda-user-outgoing@seul.org
Delivered-to: geda-user@seul.org
Delivery-date: Sat, 15 Jan 2005 02:53:27 -0500
In-reply-to: <41E85B29.9090009@mlug.missouri.edu>
References: <20050114204141.GA6038@beton.cybernet.src> <20050114212347.5DEF42AA09@earl-grey.cloud9.net> <20050114215826.GA13860@tor.nilsson-home.net> <20050114224546.GB10860@beton.cybernet.src> <41E85B29.9090009@mlug.missouri.edu>
Reply-to: geda-user@xxxxxxxx
Sender: owner-geda-user@xxxxxxxx
User-agent: Mutt/1.4.2.1i

On Fri, Jan 14, 2005 at 05:52:09PM -0600, Igor Izyumin wrote:
> Karel Kulhavy wrote:
> 
> >binary package is a security hole. Someone can put a malicious code
> >into the binary and noone will notice.
> > 
> >
> Unless you read every line of source code in a package every time you 
> download it, the same applies.  Actually, running the binary is a little 

It suffices when it is subject to a public scrutiny. When you put a malicious
code in, someone notices. When you put malicious code into binary package noone
notices (unless the code starts to do something actually).

> less risky.  You generally don't run the program as root, but if you 
> compile from source you have to do 'make install' as root.  Those 
> install scripts can do just about anything to a system.

But they are subject to public scrutiny.

> 
> >Malicious code in a source code is obvious.
> > 
> >
> Really?  I guarantee you that any programmer worth his salary could hide 
> a backdoor in some source code that would be very difficult to find.
> 
> >Binary packages run slower because are not optimized for the particular
> >processor. I have notices about 2 times speedup between compiled GCC
> >and binary GCC. I don't want to buy 3.6GHz system. I'll stick with
> >my 1.8GHz one.
> > 
> >
> The difference is not perceptible, except in multimedia-intensive 

The difference is perceptible clearly in GCC. GCC is not a multimedia-intensive
application.

> applications.  I am willing to bet that the reason your compiled GCC is 
> faster is simply because it's a different version.

This is another thing that the software in distribution tends to be horribly
obsolete. Often there are various news about security vulnerabilities in the
press and when I examine my version I discover I already have installed the
fixed one despite the fact I installed my program long ago.

> 
> >Tried various distros, it was always disaster.
> > 
> >
> I never had any major problems with my distro (Mandrake).  Of course, 
> the best way to muck up any Linux installation is by carelessly 
> installing different libraries, as you seem to be fond of doing.  If you 
> stick to distribution-provided core packages, you will be fine.

gEDA and PCB is not a core package, so I am not going to be fine.

Cl<

References:
- gEDA-user: On the nitty-gritty of user-experienced problems
  - From: Karel Kulhavy
- Re: gEDA-user: On the nitty-gritty of user-experienced problems
  - From: Stuart Brorson
- Re: gEDA-user: On the nitty-gritty of user-experienced problems
  - From: Daniel Nilsson
- Re: gEDA-user: On the nitty-gritty of user-experienced problems
  - From: Karel Kulhavy
- Re: gEDA-user: On the nitty-gritty of user-experienced problems
  - From: Igor Izyumin

Prev by Author: Re: gEDA-user: On the nitty-gritty of user-experienced problems
Next by Author: gEDA-user: different pango version than needed is distributed on geda homepage
Previous by thread: Re: gEDA-user: On the nitty-gritty of user-experienced problems
Next by thread: RE: gEDA-user: On the nitty-gritty of user-experienced problems
Index(es):
- Author
- Thread