[GLLUG] Am I over-reacting to this?

Nix nix at esperi.org.uk
Fri Jan 17 00:54:01 UTC 2014

On 15 Jan 2014, John Edwards uttered the following:

> On Wed, Jan 15, 2014 at 09:12:29PM +0000, James Courtier-Dutton wrote:
> <snip> 
>> Also, Canonical have root access to all Ubuntu Linux installs. After
>> all, who compiles all the binaries, when you install Ubuntu Linux.
> Why pick on Canonical? The same holds true for any binary distributed
> operating system.

True enough.

> Even compiling from source does not give you 100% safety, because you
> then need to trust the C compiler (see Ken Thompson).

You can reduce the degree of trust arbitrarily far by using more than
one compiler, ideally but not necessarily with distinct development
histories: <http://arxiv.org/pdf/1004.5548.pdf>.

> Bruce Schneier is currently cataloging the various backdoors used by
> the NSA on his blog at https://www.schneier.com/


NULL && (void)

More information about the GLLUG mailing list