I don't know much about KNOPPIX-STD, but does KNOPPIX have the source for everything on the CD? I can't speak for the kNOPPIX-STD creator but my understanding is that he installed these utilities from the Debian packages using apt-get. Isn't that trusted enough? I believe the source he puts on the CD is for utilities he didn't install with Debians apt-get. I do agree test it first and if it works then use it. So test it and use it if it works. Ernie Baca Phoenix, Arizona ebaca@linux-forensics.com www.linux-forensics.com >From: "der.hans" >Reply-To: plug-discuss@lists.plug.phoenix.az.us >To: plug-discuss@lists.plug.phoenix.az.us >Subject: Re: Anyone played with Knoppuix-STD yet? >Date: Mon, 14 Jul 2003 00:58:34 -0700 (MST) > >Am 13. Jul, 2003 schwätzte Thomas Cameron so: > > > I know several folks have spoken highly of Knoppix. > > > > http://www.knoppix-std.org/ is a version of Knoppix which is supposed to >be > > specialized for security work. Anyone played with it yet? > >Don't use it!!! > >I got a copy at the meeting Thu. I've been dog-sitting for a friend and >using Knoppix to ssh back home to work from there. Fri I tried knoppix-std. >I went through and looked at what was on the CD. Looked pretty good until >towards the end where he said he had a directory that had source code for >the programs WHEN HE COULD FIND IT. > >Do not trust security code for which you don't have the source code. The >fact that he's including programs for which the source code isn't available >is insane and tells me I certainly don't want to trust him to get it right. > >The moral of the story: don't use knoppix-std until source code is >available >for EVERYTHING on it, and someone with security has done an audit. > >It's great that he's including source code for packages, but source code >should be available for all of them. > >ciao, > >der.hans >-- ># https://www.LuftHans.com/ http://www.AZOTO.org/ ># If you're not learning, you're not living. - der.hans > >--------------------------------------------------- >PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >To subscribe, unsubscribe, or to change you mail settings: >http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail