On Wed, 2008-01-23 at 11:02 +0530, Rahul Sundaram wrote: > Les Mikesell wrote: > > > > But the NSA would be at least as capable of introducing a hack that you > > could examine but not see as Ken Thompson: > > http://www.everything2.com/index.pl?node=Reflections%20On%20Trusting%20Trust > > > > I'd expect them to even be able to conspire with the CPU vendors to have > > certain undocumented opcode sequences do magical things. > > Sure. You can believe whatever you want to. I am merely stating a fact > that the bar to do this with open source software is way higher than > proprietary software and in fact is the highest that anyone can > practically go. Also, in order to carry out a hack like that, you have to infect the toolchain somewhere along the line, so that everyone building the code is doing so with infected compilers.. With open-source code and an open-source toolchain, that seems pretty unlikely. Or are you suggesting, Les, that everyone's copy of gcc is derived from one built by the NSA and smuggled into RMS's lab at some point in its early history? > > Rahul > > -- Matthew Saltzman Clemson University Math Sciences mjs AT clemson DOT edu http://www.math.clemson.edu/~mjs -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
