On Mon, 9 Jul 2018 at 18:06:12 +1000 Andrew McGlashan <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > > On 09/07/18 17:51, KatolaZ wrote: >> Literally anybody can get the sources of the Linux kernel and read >> through it. So I guess your fears are somehow unjustified... > > There were long standing problems with openssl -- the source code was > fully available, anybody could have found the problems, but they didn't. Yes, there were bugs. Not backdoors. OpenSSL is a project that very hardly compares to the Linux kernel: https://en.wikipedia.org/wiki/OpenSSL "The OpenSSL project management team consists of 8 people, and the entire development group consists of 13 members, out of which 10 are volunteers. There are only three full-time employees." > The Linux Kernel is HUGE, the possibility to find something that > shouldn't be there would not be very easy. However, all the backdoors I know of were found in proprietary software (like Cisco) or in Linux-running comsumer networking appliances operated with the admin default password or left unpatched for years. > Binary blobs remain the > most "risky" components, but anything else can easily hide in plain sigh > t. Actually the Linux kernel is the most scrutinized and secure piece of software that's around. There's no way a few people could make it more secure than it already is by forking it. Alessandro _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
