As I see it, there are two things that can happen here:

1) NSA breaks into pfSense without knowledge of the staff => The only solution is source code and binary review. This is not an option for people like Thinker Rix or other non coders. The most likely spot for this to happen is upstream from the project (in FreeBSD itself, in the libraries that FreeBSD uses). This will require resources outside of the pfSense project to validate.

2) NSA forces pfSense to put a backdoor in the software. Tells pfSense to be quiet about it.

The results of 2) are that either pfSense stays quiet or they tell.

i) If they stay quiet, then the only solution is the same answer as for 1), independent evaluation.

ii) If they tell, then the project is over as they will be busy fighting the government. They can be arrested for telling. Depending on the Judge, anything said or done that tips off someone that the project has an NSL can be taken as a violation.

What do you expect from the project? That they promise that they have not been subverted and further promise to tell you when/if they are subverted, regardless of the personal and financial costs to them? This is a free project... What is reasonable to expect from any project like this?

Once we question trust in the project, the only reasonable course of action is independent evaluation. Guess what, that is what the Government does when it evaluates software. In fact, that is one of the NSA's other jobs. This does, however, make software much more expensive.

How do we get a trusted evaluation of the software?

On Fri, Oct 11, 2013 at 10:46 AM, Thinker Rix <[email protected]> wrote:

> On 2013-10-11 12:57, Adrian Zaugg wrote:
>
>> After having read the whole NSA thread on this list, it came up to my
>> mind that pfsense web GUI could declare itself "conform to US laws" upon
>> the point when there are known backdoors included or otherwise the code
>> was compromised on pressure of governmental authorities. It would be the
>> sign for the users to review the code and maybe to fork an earlier
>> version and host it in a free country, where the protection of personal
>> data is a common sense and national security is not so much an issue.
>>
>
> I think that your idea is worth further consideration.
>
> As I just answered to other postings of this thread, by my comprehension
> infiltrating firewall software such as pfSense should be highly interesting
> for NSA, etc. because they would get a grip onto your internal and VPN
> traffic.
> So it should be only a matter of time, that they knock the door at ESF and
> force them to do things they don't like. We all - as a community - should
> think and act pro-actively to that and take appropriate measures to protect
> pfSense, ESF and the key people such as Chris Buechler and his partners
> from this realistic threat in time.
>
> Best regards
> Thinker Rix
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>

--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.
-- Justice Louis D. Brandeis
