Matthew Saltzman wrote:
But the NSA would be at least as capable of introducing a hack that you
could examine but not see as Ken Thompson:
http://www.everything2.com/index.pl?node=Reflections%20On%20Trusting%20Trust
I'd expect them to even be able to conspire with the CPU vendors to have
certain undocumented opcode sequences do magical things.

Sure. You can believe whatever you want to. I am merely stating a fact
that the bar to do this with open source software is way higher than
proprietary software and in fact is the highest that anyone can
practically go.

Also, in order to carry out a hack like that, you have to infect the
toolchain somewhere along the line, so that everyone building the code
is doing so with infected compilers. With open-source code and an
open-source toolchain, that seems pretty unlikely.
Or are you suggesting, Les, that everyone's copy of gcc is derived from
one built by the NSA and smuggled into RMS's lab at some point in its
early history?

How many people have contributed code and how much do you know about
them or their motives? But a more likely target would be the CPU
companies since there are only a couple that matter and this could make
the compiler portion pretty much invisible. Is that any more paranoid
than thinking the major communication companies all have government taps
for everything passing through or that cell phones are all rigged so the
government can locate and listen at any time?
--
Les Mikesell
lesmikesell@xxxxxxxxx