On 11/14/06, Timwi <timwi(a)gmx.net> wrote:
That's the wrong question. A better set of
questions would be:
* Does every project have at least one sysop/bureaucrat who can spot
"evil" Java resources?
* Does every sysop/bureaucrat who does not have this skill, acknowledge
that they don't and consequently leave the approval queue alone? (from
your message, it appears that you do, so you're fine)
It's not a question of skill:
No matter how skilled no human can tell a malicious java app in binary
form from a good java app.
Only through a careful audit of the source code could we expect to
have any confidence... and thats a question of both time and skill...