On Wed Nov 03, 2004 at 20:36:18 +1100, O Plameras wrote:
>Jeff Waugh wrote:
>
>><quote who="O Plameras">
>>
>>>Yes, it is.
>>
>>Oscar, quite seriously, the concept of "building a kernel" has absolutely
>>nothing to do with security. Someone has been telling you tall stories.
>
>Jeff, security I take seriously. I want to be satisfied that there is
>nothing in the source codes that compromises. I also want to have a third,
>fourth, etc party for the record to audit the process (or business
>process). It is my process to put everything in writing, not just my word
>or someone's words, and then someone can take his or my word for it. As we
>all know, in computer security everyone is distrusted except those that one
>expressly trust. And this is made operational in computer process by means
>of filters, that is, everything is disallowed except those that one has
>expressly allowed.
>
>The other side is you trust everyone except those that you have expressly
>identified as not trustworthy. This is not how computer security works.
>Computer security I follow is I trust only those I expressly trust and
>do not trust everyone else.
>
>I do not trust the Source Codes as a matter of procedure until I confirmed
>that it is trustworthy. This is not me but it is logical, practical, and
>is the practice.

But how can you trust the Linux kernel source? It is many millions of lines
of code! I'm pretty impressed if you've read every one!

Benno
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html