On 02/03/14 16:53, y...@marupa.net wrote:
> On Sunday, March 02, 2014 04:25:13 PM Scott Ferguson wrote:
>> On 02/03/14 11:28, Ralf Mardorf wrote:
>>> On Sun, 2014-03-02 at 10:55 +1100, Scott Ferguson wrote:
>>>> Here's mine:-
>>>> troll elsewhere - try rabbleRus.org or LetMeTellUWhat2Do.mob
>>>>
>>> :D
>>>
>>> We Arch users made a poll. Even if more users would have been against
>>> systemd, the developers would have switched to systemd, but most users
>>> wanted systemd. We, around 49% and me were against systemd, but around
>>> 51% were pro systemd. Nowadays it makes life easier for all of us who
>>> use several different distros, when _all_ or at least the most important
>>> distros will switch to systemd. To discuss pros and cons of systemd a
>>> time machine is needed, to go back more than 3 years ago. To discuss it
>>> in 2014 is a little bit too late.
>>
>> Same with Debian based on what I read, the vote was fairly evenly split,
>> which is why it went to the Technical Committee, who were also fairly
>> evenly split.
>>
>
> Which probably demonstrates why there's no hidden agenda going on surrounding
> systemd and there were legitimate reasons why it was finally chosen.
>
>> My concern is that it's a divisive issue that would be tempting for
>> third parties to exacerbate and exploit. Commercial software vendors,
>> and the companies that do their "marketing" and "public relation" might
>> want to take advantage of the situation to reduce the market share they
>> lose to Debian (and Linux as a whole). It wouldn't be that far from the
>> sort of dirty tactics they've employed in the past.
>
> Definitely reasonable concerns, though to be honest, Linux's detractors would
> have looked for something else to latch onto if systemd wasn't divisive
> enough.

As well as?

> In a few more years I imagine most people opposed to systemd won't
> have a problem with it being there after all after using it for a bit.

I'd be very surprised if it wasn't modified to suit the needs of the
majority of developers - and they tend to have the same itches as the
"users", just slightly less conservative about their "needs". But I'm
not a futurist. Though I did try voting conservative for a change - not
surprisingly I was disappointed ;p

>
>> And then there's NSA (and the companies they outsource to) - they *do*
>> have an agenda that would be furthered by creating divisions and
>> uncertainty in Debian. They've made large investments in software hooked
>> to the existing init system - and while they'll have to retool to use
>> systemd it doesn't mean they have the same access required to replace
>> existing malware installations, additionally they would probably enjoy
>> seeing less people use Debian.
>>
>
> The trouble is, how effectively can the NSA hook itself into open source
> software?

As effectively as possible, by all means possible? Do they recruit
university students who show an aptitude for finding weaknesses in
software? (the answer is yes).

> How easily could they get backdoors into something without upstream
> noticing?

How long is a piece of string? ;)

> Might be effective getting hooks into something downstream, but I
> don't see the NSA getting anything into something upstream without someone
> noticing, since patches are generally reviewed before integration.

See history of C compilers.

>
> To sum up my *thought* on that, the NSA needs cooperation from someone OUTSIDE
> the NSA to get their hooks in. How likely is it a Debian package maintainer
> would be compromised?

How likely is it that MI5 could *have* compromised Serbians?
The NSA asked Linus Torvalds, as a US citizen he'd go to jail if he
admitted the request to backdoor the kernel (instead he said no when
asked in an interview, while nodding "yes").
His father is not a US citizen and was more forthcoming. Does that mean
that because Linux refused that others couldn't be convinced of the
career benefits (or health and sanity risks of not complying)?
Many eyes is good for a number of reasons - we're all human.

> Would someone else notice? Would the maintainer be
> removed?

Things are patched all the time. While the Debian policy is to always
make flaws public it doesn't extend to investigating and/or publicizing
the reasons, so I don't know the answer to that.

>
> I'm not saying it's implausible so much as it doesn't sound like it'd last
> long if they could get something in.

If you want an informed answer I'd suggest reading Bruce Schneier's
blog, or the Guardian.

> Could you perhaps give me some insight
> into ways the NSA could do this?

No - for a multitude of reasons, omnipotence being one of them. ;p

> I just don't see most upstream people
> cooperating. Can the NSA force anyone to actually put backdoors in their own
> code?

Huh? Are you serious or just don't follow current events? :)
Levison and Lavabit, the Internet Archive, and many others "got a
visit". And they're the ones who dared to say anything about it.
Yes - they can force you. Legally if you're a US citizen. They can/have
also "coerced" people.

<snipped>

>
> Conrad
>
>

Interesting, but I'll leave the subject at that. This is a "technical"
list for Debian users. :)

Kind regards

Archive: https://lists.debian.org/5312d790.4060...@gmail.com