[GLLUG] Am I over-reacting to this?

John Edwards john at cornerstonelinux.co.uk
Wed Jan 15 22:26:24 UTC 2014

On Wed, Jan 15, 2014 at 09:12:29PM +0000, James Courtier-Dutton wrote:
> Also, Canonical have root access to all Ubuntu Linux installs. After
> all, who compiles all the binaries, when you install Ubuntu Linux.

Why pick on Canonical? The same holds true for any binary distributed
operating system.

Even compiling from source does not give you 100% safety, because you
then need to trust the C compiler (see Ken Thompson).

The key things are trust and reproducibility. Open source software can
be easily recompiled and compared to those distributed in binary form.
Open source companies tend to have much less lock-in than others (e.g.
Microsoft and Oracle), so if a backdoor is found then trust is quickly
destroyed and they will lose most of their business.

Bruce Schneier is currently cataloging the various backdoors used by
the NSA on his blog at https://www.schneier.com/ and the most common
thread is to use an exploit in a closed source OS and then use the
closed source firmware to make it persistent.
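The reproducibility check the post alludes to (rebuild from source, then compare against what the vendor ships) can be scripted. The following is an added example and not code from the post or from any distribution's tooling; the two package trees it compares are constructed in a temporary directory, and the file names and contents are made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict[str, str]:
    """Map every regular file under root (as a path relative to root) to its SHA-256."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_trees(rebuilt: Path, distributed: Path) -> dict[str, list[str]]:
    """Compare a local rebuild against the vendor-distributed artifacts.

    Returns the files that match bit-for-bit, the files whose contents differ
    (the case worth investigating: either a non-reproducible build or a
    modification between source and shipped binary), and the files present
    on only one side.
    """
    a, b = hash_tree(rebuilt), hash_tree(distributed)
    return {
        "match": sorted(k for k in a if k in b and a[k] == b[k]),
        "differ": sorted(k for k in a if k in b and a[k] != b[k]),
        "only_in_rebuild": sorted(a.keys() - b.keys()),
        "only_in_distributed": sorted(b.keys() - a.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: two fake package trees written to a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        rebuilt = Path(tmp, "rebuilt")
        dist = Path(tmp, "distributed")
        for root in (rebuilt, dist):
            (root / "usr/bin").mkdir(parents=True)
        # Identical bytes on both sides: the rebuild reproduces the shipped file.
        (rebuilt / "usr/bin/hello").write_bytes(b"\x7fELF constructed-identical")
        (dist / "usr/bin/hello").write_bytes(b"\x7fELF constructed-identical")
        # Same name, different bytes: something changed between source and shipped binary.
        (rebuilt / "usr/bin/login").write_bytes(b"\x7fELF constructed-from-source")
        (dist / "usr/bin/login").write_bytes(b"\x7fELF constructed-shipped-variant")
        # A shipped file with no counterpart in the rebuild.
        (dist / "usr/bin/extra").write_bytes(b"\x7fELF constructed-extra")
        return compare_trees(rebuilt, dist)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

A hash comparison like this only works once the build itself is reproducible; real binaries often differ in embedded timestamps, build paths or link order even when compiled from the same source, which is why the Reproducible Builds project normalises those inputs and uses diffoscope to explain any remaining differences rather than treating every mismatch as evidence of tampering.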

