From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzswing.ncsc.mil (jazzswing.ncsc.mil [144.51.68.65]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id h9EMTbWt022128 for ; Tue, 14 Oct 2003 18:29:37 -0400 (EDT) Received: from jazzswing.ncsc.mil (localhost [127.0.0.1]) by jazzswing.ncsc.mil with ESMTP id h9EMTT0p025289 for ; Tue, 14 Oct 2003 22:29:30 GMT Received: from remt26.cluster1.charter.net (remt26.cluster1.charter.net [209.225.8.36]) by jazzswing.ncsc.mil with ESMTP id h9EMTTr7025286 for ; Tue, 14 Oct 2003 22:29:29 GMT Received: from [68.116.1.217] (HELO eng21) by remt26.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 26849329 for selinux@tycho.nsa.gov; Tue, 14 Oct 2003 18:29:11 -0400 From: "Robert Potter" To: "'SELinux Mail List'" Subject: Trust Basics Date: Tue, 14 Oct 2003 15:29:25 -0700 Message-ID: <000a01c392a2$a7b24020$d9017444@eng21> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" In-Reply-To: <1066162420.5054.395.camel@moss-spartans.epoch.ncsc.mil> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov I suggest we also consider using the concept of time for upgrading our "trust" of code. This is in addition to other methods of knowing the source. It is another line of defense. Not all code has to be trusted immediately, or applied. I think this is what all of us do anyway, as we have learned to wait and listen for problem reports before applying patches. It is what many of us do when we rescan our download subdirectories with the latest anti-virus, worm and trojan sigs. Rob -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.