[GLLUG] RedHat spooked ?

Peter Cannon peter at cannon-linux.co.uk
Fri Jun 20 09:21:27 UTC 2014


On 20/06/14 00:06, Mike Brodbelt wrote:
> On 19/06/14 21:41, Alain Williams wrote:
> 
>> Question: What assurances can you give us that RedHat has not been 
>> spooked by the NSA.
>>
>> Answer: Please raise that on a support ticket to be given an answer in 
>> writing.
> 
> How.... interesting.

I do love the start of a good conspiracy theory. I suspect the reason he asked for a ticket to be raised is so that a response endorsed by the legal department could be drafted. Or, maybe he just didn't know and didn't want to drop himself in the doggy doo doo?

 
>> * Do the compiled RedHat binaries reflect exactly the sources that 
>> they publish ?
> 
> That's the big question, isn't it.

If they don't then they are breaking the GPL, a pretty serious matter in legal and reputation terms.

 
>> * Do any of the RedHat patches generate a NSA backdoor ?
> 
> I would doubt it, *if* the patches are open source. It would be too easy 
> to find a deliberately introduced exploit confined to a vendor patchset, 
> and too damaging to the vendor once found. That's no guarantee though.

Exactly. Anyone can view the source code.

<snip>

> 
>> * Earlier this year RedHat took over the (European) CentOS project (in 
>> essence). We were given several
>> commercial reasons as to why this makes sense for RedHat. Is another 
>> reason that this brings CentOS
>> under RedHat control and thus subject to the demands of the NSA (via 
>> the Patriot act or whatever) ?

Ahahahahaha, let me just wipe a tear from my eye. Earlier in the email the idea is raised of Trojan Horse binaries not compiled from the original source code, which I hasten to add is what CentOS uses, and now we're saying "CentOS was brought into the fold so Red Hat could spread their anti-community clandestine activities to another distribution." Seriously?

>> Please note: it is not my intention to libel anyone, however this is 
>> an important area where tough
>> questions need to be asked. We cannot, unfortunately, accept what we 
>> are told at face value - Edward
>> Snowden has shown us that.

I was at a BarCamp recently attended by some people who hinted at their 'security' status at a well-known establishment with lots of aerials; rest assured, nothing is safe. If they want to get into things they will and can, so backdoors are irrelevant these days as the skillsets have outstripped the requirements for them. Interestingly there was a debate on 'being safe' and the end conclusion was ultimately nobody cares, they really don't. They shout and bleat about it for a few weeks and then life goes on as normal. I haven't seen anything about Assange for months, why? Nobody cares. How many other whistleblowers have there been? Loads, I suspect. None of which I can name because they've dropped off the 'outraged' radar.

I shouldn't worry about the NSA, I doubt they are snooping on most of us in the UK as MI5 is handing over all your data on a daily basis to them. :-D

-- 
Regards
Peter Cannon

IRC: dick_turpin @ freenode.net
https://twitter.com/dick_turpin
http://www.cannon-linux.co.uk
https://plus.google.com/100694334141523232451/posts
Podcast: http://tdtrs.co.uk

"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind."



