On Mon, 2004-04-12 at 20:49, Mike M wrote:
> On Mon, Apr 12, 2004 at 06:54:20PM -0400, Rick DeNatale wrote:
> > This is not at all an argument against open source, just a more
> > sophisticated view of the role of source in security auditing.
>
> Requesting more clarity here please. I can't tell what is open or
> closed in your description: the compiler source, the source the compiler
> is compiling, or both, or neither.
<SNIP>

Both are open. And he shouldn't have presented it as if this were theoretical wanking. Ken Thompson actually did this.

http://www.catb.org/~esr/jargon/html/B/back-door.html

And yup, it's fiendish and really scary. But I'm not convinced that OSS is more vulnerable to this than say certain proprietary network hardware OS's. (*cough* CISCO *cough*)

CJK
