[Aurora-sparc-devel] Location of build 2.98 source rpms? (fwd)
Dean Anderson
dean at av8.com
Thu Jul 19 17:22:59 EDT 2007
On Thu, 19 Jul 2007, Jima wrote:
> Out of curiosity, how are you checking if they match? rpmdiff?
I usually install the src.rpm, look at the sources provided, the
official sources. I look at the patches, and look at the build scripts
in the spec file. Then build from source and check that the binaries
appear to be similar. They should be the same size. I can't do this for
everything in the distribution, but I try to select some important
packages (e.g. kernel, compiler, glibc) and pick some random other
packages.
This obviously can miss a lot. And it won't pick up some kinds of
trojans at all, ever. Particularly nasty are compiler hacks. It is
terribly hard to verify a compiler. There are some projects to do this,
though. Compiler paranoia is a terrible affliction, with few cures.
But some testing gives me some peace of mind.
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the Aurora-sparc-devel
mailing list