On Mon, 9 Jul 2018 at 18:06:12 +1000
Andrew McGlashan <andrew.mcglashan@???> wrote:
> On 09/07/18 17:51, KatolaZ wrote:
>> Literally anybody can get the sources of the Linux kernel and read
>> through it. So I guess your fears are somehow unjustified...
>
> There were long-standing problems with openssl -- the source code was
> fully available, anybody could have found the problems, but they didn't.
Yes, there were bugs. Not backdoors.
OpenSSL is a project that hardly compares to the Linux kernel:
https://en.wikipedia.org/wiki/OpenSSL
"The OpenSSL project management team consists of 8 people, and the
entire development group consists of 13 members, out of which 10 are
volunteers. There are only three full-time employees."
> The Linux Kernel is HUGE, the possibility to find something that
> shouldn't be there would not be very easy.
However, all the backdoors I know of were found in proprietary software
(like Cisco) or in Linux-running consumer networking appliances operated
with the admin default password or left unpatched for years.
> Binary blobs remain the
> most "risky" components, but anything else can easily hide in plain
> sight.
Actually the Linux kernel is the most scrutinized and secure piece of
software that's around. There's no way a few people could make it more
secure than it already is by forking it.
Alessandro