On Wed, Apr 14, 2004 at 08:18:24AM +0300, [EMAIL PROTECTED] wrote:
> http://www.computerworld.com.au/index.php?id=1224882570&eid=-219:
> 
> In a speech intended to serve as a wake-up call to anyone relying on the 
> "many eyes" that look at the Linux source code to quickly find any 
> subversions, the CEO of Green Hills Software Inc. last week reminded his 
> audience how Unix's creator Ken Thompson installed a back door in the 
> binary code of Unix that automatically added his user name and password 
> to every Unix system - a secret he revealed only 14 years later.

I hope anyone really into security understands this is nothing but FUD.
There is no inherent difference between open and closed source for the
determined cracker - machine language is readable too, given enough time
and will. The only way to have a really secure system is to make it *all*
by yourself - the CPU, the rest of the hardware, the assembler, compiler,
and the rest of the software. You can't rely on anything - you can't
cross-compile etc. Is this the way to go? I am not sure. In every project
there is a tradeoff between several things, some of which are how much
security you need, how much you are willing to trust anyone else (this
includes both the merry gang of Linux kernel hackers and the respected
employees of Microsoft), and how much you can invest in it. For 100
billion dollars, doing everything by yourself is possible, but how many
projects are worth it? And even then you probably need too many
developers, so you can't trust them all completely.
Not that I undermine Thompson's point - it's a well-written article that
I recommend to anyone. But this has nothing to do with FOSS or not FOSS.
-- 
Didi
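As an added illustration (not part of Didi's message or the quoted article), here is a toy Python reproduction of the Thompson compiler backdoor the speech refers to. The "compiler" targets Python itself, so an honest compiler is the identity function on source text and a "binary" is the emitted text that we exec(). The trojan is a quine: it backdoors any login program it compiles, and when it sees the compiler itself being compiled it re-emits its own payload into the new binary, so rebuilding from clean source any number of times never gets rid of it. The sample user "alice"/"s3cret", the master password "ken" and the recognition strings are all constructed for this example.

```python
"""Toy 'trusting trust' demo: a compiler backdoor that survives rebuilds
from clean source.  Constructed example; the target language is Python,
so an honest compiler simply emits its input unchanged."""

CLEAN_LOGIN_SRC = '''\
def login(user, password):
    USERS = {"alice": "s3cret"}          # constructed sample credential
    return USERS.get(user) == password
'''

CLEAN_COMPILER_SRC = '''\
def compile(source):
    # Honest compiler: the target is Python, so emit the source as-is.
    return source
'''

# Payload template.  %r is filled with the template itself (a quine), so the
# generated payload can regenerate itself when the compiler is recompiled.
TROJAN_TEMPLATE = '''
_TEMPLATE = %r

def _trojanize(source):
    # Stage 1: if this is the login program, append a wrapper that also
    # accepts the constructed master password "ken".
    if "def login(" in source:
        source += (
            "\\n_honest_login = login\\n"
            "def login(user, password):\\n"
            "    return password == \\"ken\\" or _honest_login(user, password)\\n"
        )
    # Stage 2: if this is the compiler, append this whole payload again.
    if "def compile(" in source:
        source += _TEMPLATE %% (_TEMPLATE,)
    return source

_honest_compile = compile

def compile(source):
    return _honest_compile(_trojanize(source))
'''


def run_binary(binary, entry):
    """'Execute' an emitted program: exec its text, return the entry point."""
    ns = {}
    exec(binary, ns)
    return ns[entry]


def honest_compiler():
    return run_binary(CLEAN_COMPILER_SRC, "compile")


def trojaned_compiler():
    """Stage 0: the attacker's one-off patched binary; the patch is never
    present in any source tree anyone gets to read."""
    return run_binary(CLEAN_COMPILER_SRC + TROJAN_TEMPLATE % (TROJAN_TEMPLATE,),
                      "compile")


def bootstrap(compiler, generations):
    """Rebuild the compiler from CLEAN source `generations` times, each round
    using the compiler produced by the previous round."""
    for _ in range(generations):
        compiler = run_binary(compiler(CLEAN_COMPILER_SRC), "compile")
    return compiler


def master_password_accepted(compiler, generations=0):
    """Bootstrap, compile the clean login program, try the master password."""
    login = run_binary(bootstrap(compiler, generations)(CLEAN_LOGIN_SRC), "login")
    return login("alice", "ken")


if __name__ == "__main__":
    print("honest compiler, 3 rebuilds, 'ken' accepted:",
          master_password_accepted(honest_compiler(), 3))
    print("trojaned compiler, 5 rebuilds from clean source, 'ken' accepted:",
          master_password_accepted(trojaned_compiler(), 5))
    print("clean sources mention 'ken':",
          "ken" in CLEAN_COMPILER_SRC or "ken" in CLEAN_LOGIN_SRC)
```

Neither source file contains the backdoor, and diffing the two sources against a trusted copy shows nothing; the only place the backdoor lives is the emitted compiler text, which differs from its source (trojaned_compiler()(CLEAN_COMPILER_SRC) != CLEAN_COMPILER_SRC). Detecting that requires comparing the binary with a tool, and a compiler, that you trust more than the one under test, which is exactly the regress the message above describes.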

