From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,caa8ecf96e8cf189 X-Google-Attributes: gid103376,public From: Andi Kleen Subject: Re: Compiling gnat into gcc-2.8.0 Date: 1998/02/27 Message-ID: #1/1 X-Deja-AN: 329142070 Sender: andi@fred.muc.de References: <34F421F6.3A5FFF59@towson.edu> <34F5A906.1704@gsfc.nasa.gov> <34F68913.2FF865DA@cl.cam.ac.uk> Distribution: world Organization: [posted via] Leibniz-Rechenzentrum, Muenchen (Germany) Newsgroups: comp.lang.ada Date: 1998-02-27T00:00:00+00:00 List-Id: dewar@merv.cs.nyu.edu (Robert Dewar) writes: > > There is of course no technical basis for such a claim. It probably stems > from the concern that if the sources are available, then anyone can modify > them. This is of course true, and there is no doubt that getting a version > of GNAT that has been modified by person or persons unknown, or may have > been modified in such a way, is potentially risky. We always warn people > that one of the issues in using the public version is that there is no > guarantee that we can provide that what you get corresponds to what we > initially distributed. It is most unlikely that anyone would have tampered > with the public distribution, but it is entirely out of our control. One way around this would be if ACT would publish PGP signatures of the binary and source tar balls of the public gnat releases. Of course there is still a lower risk that someone changes the signatures, but assuming the web of trust works and that the signatures are widely published (e.g. posted to Usenet etc.) this is a rather save choice. -A.