Security Concern: Unsigned Windows Executable

Jean-David Beyer jeandavid8 at
Tue Jun 2 14:55:42 CEST 2009

Robert J. Hansen wrote:

| Insert mandatory "reflections on trusting trust" reference here.
| The sentiment of "I must build it from source if I'm going to trust it"
| is great, but then you have to ask questions about your compiler, your
| system libraries, etc., until you're left hand-hacking Assembly
| instructions for a low transistor count CPU you've personally
| lithographed yourself from your own personal design.

Let's say I did all that. But do I trust the guy who looked over my shoulder
to be sure I did not make a mistake in my own personal design?

And if I believe, in principle, in automatically proving programs (or
hardware, their equivalent) correct, do I trust the program that does that?
And the rules given that program that the program to be verified is to meet?

We get into the very problem Rene Descartes was stuck in until he came up
with "Cogito, ergo sum." Which I do not think was a solution at all.

--
~  .~.  Jean-David Beyer          Registered Linux User 85642.
~  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
~ /( )\ Shrewsbury, New Jersey
~ ^^-^^ 08:50:01 up 69 days, 15:04, 3 users, load average: 4.06, 4.24, 4.31