Re: Verifying Kernel source

Larry McVoy (lm@bitmover.com)
Wed, 27 Nov 2002 09:28:18 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dennis Grant: "Re: A Kernel Configuration Tale of Woe"
Previous message: Jeremy Fitzhardinge: "Re: htree+NFS (NFS client bug?)"
In reply to: Richard B. Tilley : "Verifying Kernel source"
Next in thread: Helge Hafting: "Re: Verifying Kernel source"

> What is the proper way to verify the kernel source before compiling?
> There have been too many trojans of late in open source and free
> software and I, for one, am getting paranoid.

If it's in BK you can be pretty sure that it is what was checked in,
BK checksums every diff in every file. It's not at all impossible
to fool the checksum but it is very unlikely that you can cause
semantic differences in the form of a trojan horse and still fool
the checksums.

-- 
---
Larry McVoy            	 lm at bitmover.com           http://www.bitmover.com/lm 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/






 Next message: Dennis Grant: "Re: A Kernel Configuration Tale of Woe"
 Previous message: Jeremy Fitzhardinge: "Re: htree+NFS (NFS client bug?)"
 In reply to: Richard B. Tilley : "Verifying Kernel source"

 Next in thread: Helge Hafting: "Re: Verifying Kernel source"