<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 January 2014 22:26, John Edwards <span dir="ltr"><<a href="mailto:john@cornerstonelinux.co.uk" target="_blank">john@cornerstonelinux.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">On Wed, Jan 15, 2014 at 09:12:29PM +0000, James Courtier-Dutton wrote:<br>

<snip><br>
<div class="im">> Also, Canonical have root access to all Ubuntu Linux installs. After<br>
> all, who compiles all the binaries, when you install Ubuntu Linux.<br>
<br>
</div>Why pick on Canonical? The same holds true for any binary distributed<br>
operating system.<br>
<br>
Even compiling from source does not give you 100% safety, because you<br>
then need to trust the C compiler (see Ken Thompson).<br>
<br></blockquote><div><br></div><div style>It might not even be the compiler - it might simply be impossible to know:</div><div style><br></div><div style><a href="http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/">http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/</a><br>
</div><div> </div></div></div></div>