> I am not going to run any software on my machine that was not built
> from source by someone I trust (usually me) and, if remote,
> communicated by a channel whose level of integrity protection I
> trust.  Precompiled binaries fall flat on their faces by this
> criterion.  It takes time to vet sources; it takes a hell of a lot
> more time to vet precompiled binaries, more than enough to make up
> for the time it takes to build my own binaries.

So you actually read all the sources you get from the net before you
compile them?   Closely enough to be *sure* that there are no overt
backdoors in them?   Closely enough to be sure that there are no
covert backdoors or simple bugs that will make them vulnerable to
attack?

I thought not.

			       _MelloN_