From: Mark <mark@lochard.com.au>
Date: Mon, 28 Aug 95 05:02:35 PDT
To: jirib@cs.monash.edu.au
Subject: Re: Auto-update (was: Re: SSl challenge - it was fun!)
In-Reply-To: <199508280649.QAA12896@sweeney.cs.monash.edu.au>
Message-ID: <199508280818.AA67660@junkers.lochard.com.au>
MIME-Version: 1.0
Content-Type: text


>...[asking for an auto-update]...
>> I would be extremely wary of this as accepting code written by someone else
>>to automatically run on your machine is bad.
>...
>
>Why?
>
>I wouldn't say "bad".
>
>I'd say "you need to know what you are doing".
>
>...
>> If they do
>> not have the expertise, they will hear of it soon enough when others scan the
>> offered code.
>...
>
>Perhaps there should be a mechanism whereby code offered would be
>signed by various parites. When sufficient signatures have collected,
>auto-update can proceed.
>
>
>Yes, no, maybe?

No. Bypassing anecdotes about personal experiences with some .au cpunks, why
should I trust *anyone* to certify that code is auto runnable on my machine?
In secure or commercial networks, the onus is on making sure holes are not
opened up in the defences.

To me, having all these crypto links, digital envelopes, crypto filesystems,
etc all mean zero if you start offering to run code blindly from anyone.

Next.

Mark
mark@lochard.com.au
The above opinions are rumoured to be mine.