On 10 September 2013 10:48, Jason White <[email protected]> wrote: > Russell Coker <[email protected]> wrote: > >> Next if the NSA wanted to put some hostile code in the kernel then surely >> they >> would use a random gmail account to submit patches and not do anything bad >> under their own name. >> > > Agreed. Further, if any government wanted to subvert cryptography they could > do it by trying to sneak code into OpenSSL, NSS or GNUTLS - and the > vulnerability would have to be subtle enough to escape notice by the > maintainers.
Or the Debian maintainers could just "inadvertently" introduce the code themselves and no-one would notice for two years. http://article.gmane.org/gmane.linux.debian.security.announce/1614 T _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
