Re: China next to get access to Microsoft source code

[InfoSec News <isn () c4i org>]

Forwarded from: Kurt Seifried <listuser () seifried org>

One thing I'm wondering. How do you KNOW that the code MS is showing
you is "real", i.e. not something made up or several versions old?
Essentially I can take a source rpm/tarball/whatever on a linux/bsd
systems and chances are good I can create the exact same binary (MD5
sum et all) as the binary shipped by a given project. Is this possible
with MS's source code? You would have no idea if the source code they
are showing you is actually the source code in use.

I'm not trying to be paranoid or anything, but it makes me wonder. Yet
another fun issue with proprietary software.


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.