public inbox for linux-kernel@vger.kernel.org
From: Willy Tarreau <willy@w.ods.org>
To: "Måns Rullgård" <mru@inprovide.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Wiretapping Linux?
Date: Wed, 17 May 2006 06:21:16 +0200
Message-ID: <20060517042116.GR11191@w.ods.org>
In-Reply-To: <yw1xfyj91y6n.fsf@agrajag.inprovide.com>

On Tue, May 16, 2006 at 10:01:36PM +0100, Måns Rullgård wrote:
> Willy Tarreau <willy@w.ods.org> writes:
> 
> > On Tue, May 16, 2006 at 06:24:38AM -0700, Marc Perkel wrote:
> >> As most of you know the United States is tapping your telephone calls and 
> >> tracking every call you make. The next logical step is to start tapping 
> >> your computer implanting spyware into operating systems. Since Windows 
> >> and OS-X are proprietary this can be done more easily with the 
> >> cooperation of Microsoft and Apple.
> >> 
> >> So what about Linux? With thousands of people working on the Kernel if 
> >> someone from the NSA wanted to slip a back door into the Kernel, could 
> >> they do that? I know it's open source and it could be found if anyone 
> >> looks but is anyone looking? Is this something that would get noticed if 
> >> someone tried to do it? I'd like to think it would, but I'm going to ask 
> >> anyway just to make sure.
> >
> > There is no warranty that this cannot happen. Indeed, it has already
> > happened and will probably do so again. A backdoor was found in some code
> > introduced in the bitkeeper repository, but it was noticed almost
> > immediately.
> 
> The code was not added to the bitkeeper repository, but to a CVS
> mirror of it.  It was spotted quickly thanks to rigorous checksumming
> done by the CVS exporter in BK.
> 
> One of the current trends in version control software is toward
> cryptographically signed changesets, meaning that sneaking something
> in without access to a trusted private key is about as close to
> impossible as you can get.
> 
> There is still the question of who you can *really* trust of course.
> After all, how do we know that Dave Miller (who was "credited" for the
> mentioned backdoor attempt) isn't really a bad guy?

That's true, and even for all other people, those who design the code
and make choices. At one moment, you have to decide whether you trust
those people and their code or whether you prefer to switch back to
closed commercial code with the same risk of backdoors but without a
way to detect them. I decided to trust them as well as some people
trust me for the hotfixes I release from time to time. And when
someone does crap, he's not trusted anymore. That's very simple.

> -- 
> Måns Rullgård
> mru@inprovide.com

Regards,
Willy
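
An added illustration of the checksumming idea discussed in this thread; it is not part of the original messages and is not the actual BitKeeper or CVS exporter mechanism. Each changeset ID is a hash over its parent ID, author and diff, so a mirror that gains or alters a changeset stops matching the trusted ID list, whatever author name the change carries. The names, history and ID scheme below are constructed for the example, and the trusted list itself is assumed to arrive over an authenticated channel (the role a signature plays).

```python
import hashlib

def changeset_id(parent_id, author, diff):
    """Content-derived ID: SHA-256 over the parent ID, author and diff."""
    h = hashlib.sha256()
    for field in (parent_id, author, diff):
        data = field.encode()
        # Length prefix keeps field boundaries unambiguous.
        h.update(len(data).to_bytes(8, "big"))
        h.update(data)
    return h.hexdigest()

def chain_ids(changesets):
    """Chained IDs for a list of (author, diff) tuples, oldest first."""
    ids, parent = [], ""
    for author, diff in changesets:
        parent = changeset_id(parent, author, diff)
        ids.append(parent)
    return ids

def first_divergence(trusted_ids, mirror_changesets):
    """Index of the first mirror changeset that does not match the trusted
    ID list, or None when the mirror matches it exactly."""
    mirror_ids = chain_ids(mirror_changesets)
    for i, mid in enumerate(mirror_ids):
        if i >= len(trusted_ids) or mid != trusted_ids[i]:
            return i
    # All present entries match; a shorter mirror is still a mismatch.
    return None if len(mirror_ids) == len(trusted_ids) else len(mirror_ids)

# Constructed sample history (hypothetical authors and diffs).
UPSTREAM = [
    ("alice", "+int a;"),
    ("bob", "+int b;"),
    ("carol", "+int c;"),
]
TRUSTED_IDS = chain_ids(UPSTREAM)

# A mirror where one extra changeset, "credited" to a known author,
# was inserted before the last upstream change.
MIRROR_INSERTED = UPSTREAM[:2] + [("bob", "+int extra;")] + UPSTREAM[2:]
# A mirror where an existing changeset's diff was altered in place.
MIRROR_ALTERED = [UPSTREAM[0], ("bob", "+int b = 1;"), UPSTREAM[2]]

if __name__ == "__main__":
    for name, mirror in [("clean", UPSTREAM), ("inserted", MIRROR_INSERTED),
                         ("altered", MIRROR_ALTERED)]:
        print(name, first_divergence(TRUSTED_IDS, mirror))
```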

