On Wed, Feb 16, 2011 at 11:34 AM, Michael Dexter <[email protected]> wrote:
> On 2/16/11 8:12 AM, Keith Lofstrom wrote:
>
> > I was thinking about Michael Dexter's BSD presentation last night.
> >
> > One of my concerns about software is the insertion of logic bombs.

I'm not a Linux kernel dev nor even a patch contributor, but my understanding of the process of getting any code into the mainline kernel code where said code could do extensive damage is highly unlikely. Any code that is submitted to the mainline tree is extensively reviewed by other developers. So the likelihood that some unknown person is going to happen along and inject some malicious code into the mainstream kernel is pretty low. Not saying it can't happen, the Titanic sank, but the best thing we can do as users of FLOSS is to keep up w. security updates and know our systems well. How many people check their log files every day???

So, I wouldn't be so concerned about these types of things at the OS level but more so at the application level. But even there, you take a distribution like Debian. A typical Debian testing stage is 2 - 3 yrs before any new app code gets merged into the stable tree.

I found this preso on this topic interesting...

www.cs.ucf.edu/courses/cot4810/.../Trap_Doors_*Logic*_*Bombs*.ppt

I run Debian on all my boxen and I subscribe to their security announcement list.

[email protected]

I see a few of these every day and it gives me a sense of (maybe false) confidence that the code is consistently being tested, reviewed, and secured...
