Linked by Thom Holwerda on Sat 17th Oct 2009 12:45 UTC

Thread beginning with comment 389994
RE[3]: Same old, same old.
by gustl on Mon 19th Oct 2009 10:27
in reply to "RE[2]: Same old, same old."
"And how is that being provided for the other systems?"
Centralized repositories. Every package is cryptographically signed, and as the people behind the additional packages are the same as those behind the operating system, IF they had wanted to screw you, they would already have done it at installation of the base system. As they didn't do it then, it can be assumed they are trustworthy.
RE[4]: Same old, same old.
by lemur2 on Mon 19th Oct 2009 13:31
in reply to "RE[3]: Same old, same old."
"And how is that being provided for the other systems?
Centralized repositories. Every package is cryptographically signed, and as the people behind the additional packages are the same as those behind the operating system, IF they had wanted to screw you, they would already have done it at installation of the base system. As they didn't do it then, it can be assumed they are trustworthy."
Not only is every package cryptographically signed by the people who put together the original system, but there are over 1.5 million open source developers (who did NOT write the code but who want to use the code) who are able to see, download and compile the source code, and confirm for themselves (these are developers we are talking about, remember) that the source code matches the cryptographically signed package, and that the source code contains no malware.
This is how the system has achieved its impeccable record.
Edited 2009-10-19 13:33 UTC