On Tue, 17 Jul 2018 at 12:26:29 -0500
Эльбрус Кондратьев <kondratyev@???> wrote:
> Many people around forgets that the mission of the US National Security
> Agency encompasses to 'stay on top' of everything they consider
> themselves 'exceptional' and above the rule of law. It's their job to
> intervene, hack and control everything their adversaries may employ.
>
> Their intentions do not constitute a 'possibility': they get paid for
> hacking.
>
> Too many positions here result akin to state: We're not placing security
> on the door because we have not seen the criminals coming in, although
> we know they want and get paid to do it.
No one ever doubted that. The NSA is just one of the several parties with
very serious intentions about knowing and even controlling everything that
happens or transits on the Internet (and with the means to do it almost
pervasively). However the issue that was being debated was the presence of a
backdoor in the Linux kernel Debian package, source code included, and the
feasability of forking it for the sake of security.
My point is that the chances there is a backdoor in the Linux kernel
are about as high as the chances tomorrow an alien ship abducts the world's
leaders to take them captive to another solar system(*), that there's no way
we, or any single minor distro devs, could make the kernel any more secure
than it currently is and that trying to do it would drain a huge amount of
resources. Resources that'd be much better used in other critical fields,
including securing the OS on the several other fronts that are IMO much more
susceptible of having SW defects, that they are accidental of designed by
purpose.
*) Sometimes I do wish I was proved wrong. I'll let you guess which way do I
wish I was proved wrong.