On 11/14/06, Timwi <timwi@gmx.net> wrote:
That's the wrong question. A better set of questions would be:
- Does every project have at least one sysop/bureaucrat who can spot
"evil" Java resources?
- Does every sysop/bureaucrat who does not have this skill acknowledge
that they don't and consequently leave the approval queue alone? (from your message, it appears that you do, so you're fine)
It's not a question of skill: No matter how skilled, no human can tell a malicious Java app in binary form from a good Java app.
Only through a careful audit of the source code could we expect to have any confidence... and that's a question of both time and skill...