On Monday 09 July 2018 at 12:42:40, Jimmy Johnson wrote:
> On 07/09/2018 03:16 AM, KatolaZ wrote:
> >
> > There are lots of people out there who understand a lot more about the
> > Linux kernel than many of us here. I simply decided to trust them,
> > collectively, because I know that nobody can buy all of them.
>
> Well some of those kernel experts are saying you need to check your
> kernel.
It is just as plausible that these kernel experts are deliberately spreading
fear, uncertainty and doubt with no substance whatsoever.
Any responsible person who says "you need to check your kernel; there may be a
backdoor (or two) in it" would point at what they found to back up their
claim. Even if this results in said backdoor being promptly removed, only for
another one to be lurking elsewhere unannounced, it's an improvement in the
security of the code, and everyone knows that the person was speaking
truthfully.
Anyone who claims to know there are backdoors but doesn't say why they believe
this, what the backdoors are, or where to find further information about them,
is only as bad as a "security researcher" who claims to have identified a
vulnerability in code (which I regard as different from a backdoor because
vulnerabilities are accidental, backdoors are deliberate) but refuses to
provide responsible disclosure to the vendor / developer responsible for that
code and thereby leaves it open to (further) exploitation.
> Also how you respond to this thread speaks volumes.
This, of course, is also true about you.
Antony.
--
"It would appear we have reached the limits of what it is possible to achieve
with computer technology, although one should be careful with such statements;
they tend to sound pretty silly in five years."
- John von Neumann (1949)
Please reply to the list;
please *don't* CC me.