
Stefan Seefeld wrote:
Rene Rivera wrote:
Daryle Walker wrote:
I dislike the idea of executable-wrapped archives in general. You only have a creator's word that the file isn't actually a Trojan and/or infected with a virus. (Even a trustworthy creator may get overridden by a cracker's altered archives.)
That is true regardless of type of archive. The source archives are just as susceptible to tampering as the executable ones. And such tampering has occurred in other open source distributed material.
I believe what Daryle is getting at here is the fact that on one particular platform it is common practice to execute a downloaded file itself (or an attachment, or...) instead of using a trusted local executable to inspect the content of a downloaded file. It's certainly always a good idea to validate the integrity of an unknown file; however, it's much less dangerous if such files are passive data instead of executable code that could harm the whole machine.
OK, got that... But my point was that there is no such thing as passive data when you distribute programs, or fragments thereof. Whether they are in source form or directly executable, you are equally susceptible to tampering. Therefore the only way to produce a secure product is to secure the entire process, something I think none of us are willing to embark on for Boost ;-) So it comes to two other choices: provide for an independent trustee of the archives (PK or other authorities), or individual guards against malicious content (firewalls, anti-virus programs, etc.). Hopefully all Boost users are intelligent enough to have already done the latter. And perhaps we can do something about the former.

--
-- Grafik - Don't Assume Anything
-- Redshift Software, Inc. - http://redshift-software.com
-- rrivera/acm.org - grafik/redshift-software.com - 102708583/icq