On 11-10-2013 11:57, Adrian Zaugg wrote: > Dear all > > After having read the whole NSA thread on this list, it came up to my > mind that pfsense web GUI could declare itself "conform to US laws" upon > the point when there are known backdoors included or otherwise the code > was compromised on pressure of govermental authorities. It would be the > sign for the users to review the code and maybe to fork an earlier > version and host it in a free country, where the protection of personal > data is a common sense and national security is not so much an issue.
? And which country would that be? I mean the Brittish MI4? tapped the Belgian telecom network for over a year to listen into the EU politicians... I don't see the point in this. I've been a developer since november 2005 and since that time I have never seen any evidence that this is the case. Not to downplay the trust issue, it is always good to do a background check on what we put into pfSense (which we do). Pretty much everything we have in pfSense is checked in the version control system. Even in the beginnings (0.83) with CVS. Even our builder scripts are in a RCS system, and it verifies all checksums on external (mostly FreeBSD ports) software we download for the build. The most realistic way to get a backdoor in pfSense would have to come from a upstream source. And FreeBSD generally has this properly in order and a security team that acts properly. The way the most intelligence agencies these days perform the wire tapping is by getting a switch mirror port at a internet exchange. Even fiber optics can be tapped without too much problems. In .NL all large ISPs have a mandatory wiretap in place that stores datetime stamped headers of the internet traffic for discovery purposes from the authorities. The best part of this, it is paid for by the customers, since the ISP needs to pay for the system and storage. Regards, Seth _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list