
Jeff Waugh jdub at
Fri Sep 3 19:08:20 CDT 2004

<quote who="Matt Zimmerman">

> Removing the compiler only creates a marginal amount of extra work for an
> attacker who will just upload or download their own binaries or find
> another way around it, while the other 99.9% of people using the system
> are needlessly inconvenienced.

The other 99.9% of people using the system... Are they all going to use GCC?

Our desktop seed is meant to provide the greatest common factor of packages
that will be used on a desktop machine. It's *not* meant to be a superdooper
hacker workstation.

I'd suggest that 99.9% of people using the system will not be inconvenienced
because they won't even know what a compiler is. Thus, the ship seed is the
appropriate place for it -> anyone who needs a compiler can get it straight
off the CD as soon as they install.

(I still feel uncomfortable with compilers being available on production
machines, and don't think the "marginal amount of extra work for kiddies"
argument is good enough: Worms don't do marginal amounts of extra work. I'm
sure someone's said the same thing about sandboxing scripting frameworks!)

- Jeff

What's all that about?                 
                    Mangoes are nature's edible orgasm.

More information about the sounder mailing list