SELinux removed from desktop cd spin?

Les Mikesell lesmikesell at gmail.com
Wed Jan 23 14:02:13 UTC 2008


Matthew Saltzman wrote:

>>> But the NSA would be at least as capable of introducing a hack that you 
>>> could examine but not see as Ken Thompson:
>>> http://www.everything2.com/index.pl?node=Reflections%20On%20Trusting%20Trust 
>>>
>>> I'd expect them to even be able to conspire with the CPU vendors to have 
>>> certain undocumented opcode sequences do magical things.
>> Sure. You can believe whatever you want to. I am merely stating a fact 
>> that the bar to do this with open source software is way higher than 
>> proprietary software and in fact is the highest that anyone can 
>> practically go.
> 
> Also, in order to carry out a hack like that, you have to infect the
> toolchain somewhere along the line, so that everyone building the code
> is doing so with infected compilers.  With open-source code and an
> open-source toolchain, that seems pretty unlikely.
> 
> Or are you suggesting, Les, that everyone's copy of gcc is derived from
> one built by the NSA and smuggled into RMS's lab at some point in its
> early history?

How many people have contributed code and how much do you know about 
them or their motives?  But a more likely target would be the CPU 
companies since there are only a couple that matter and this could make 
the compiler portion pretty much invisible.  Is that any more paranoid 
than thinking the major communication companies all have government taps 
for everything passing through or that cell phones are all rigged so the 
government can locate and listen at any time?

-- 
   Les Mikesell
     lesmikesell at gmail.com




More information about the fedora-devel-list mailing list