[TriLUG] spyware

Mike M linux-support at earthlink.net
Mon Apr 19 05:39:20 EDT 2004


On Sat, Apr 17, 2004 at 02:44:39PM -0400, Andrew Perrin wrote:
> 
> This is essentially a problem of trust, it seems to me. Your approach
> serves to limit the number of people with access to code that requires a
> high degree of trust.  Another option would be to set up some sort of
> rating system, whereby a user could assign a level of trust to each
> developer; you track developers through packages, assigning a package the
> lowest level of trust of any developer who works on it; and then you tell
> your apt setup to disregard any package with a trust score below X, where
> X is defined as your level of confidence.  It's not technically hard (I
> would think, but then hey, I'm a social scientist, not a programmer), I
> would expect the hardest part to be keeping up with all the possible
> developers who need rating.

That's it!  Move the onus of rating to the project in the way that 
organizations achieve the software maturity rating. OpenBSD would get
a high rating. Extra points to projects with developers that publish 
verified names and addresses and phone numbers (like your supposed to do 
when you rent web space).

The apt option is righteous.

You're right. This is foremost a social project than a technical one.  
My new position is that being a programmer ain't squat anymore - it's 
like driving a car :-) Remember when being a scribe was a ticket to a
high lifestyle?
-- 
Mike

Moving forward in pushing back the envelope of the corporate paradigm.



More information about the TriLUG mailing list