Sat Jun 12 21:40:05 UTC 2004
On Sat, 12 Jun 2004, Vernon Schryver wrote: > I don't like 3rd party "distributions" or what seem to be random > collections of patches because they break that trail of trust. Which is just what I wrote. If I install DCC from your source I know what I run and I know who is responsible for creating it. If I install RedHat's RPM (or some other distribution other than Slackware which seem to have as policy not to apply or backport patches) it could contain hundreds of patches RedHat thought was nice, their own, backported from new versions [features/bugfixes] and so on. It is not uncommon that the distributions introduce security holes as they add their own code without really knowing the code they are changing, and also without going the appropiate way to the original developers.
More information about the DCC