That's why I compile and cut those codes I do not understand and end up with fewer lines that I understand.

Benno wrote:

On Wed Nov 03, 2004 at 20:36:18 +1100, O Plameras wrote:


Jeff Waugh wrote:



<quote who="O Plameras">





Yes, it is.




Oscar, quite seriously, the concept of "building a kernel" has absolutely
nothing to do with security. Someone has been telling you tall stories.





Jeff, security I take seriously. I want to be satisfied that there is nothing in the
source codes that compromises. I also want to have a third, fourth, etc party
for the record to audit the process (or business process). It is my process to
put everything in writing, not just my word or someone's words, and then
someone can take his or my word for it. As we all know, in computer
security everyone is distrusted except those that one expressly trust. And
this is made operational in computer process by means of filters, that is,
everything is disallowed except those that one has expressly allowed.


The other side is you trust everyone except those that you have expressly
identified as not trustworthy. This is not how computer security works.
Computer security I follow is I trust only those I expressly trust and
do not trust everyone else.

I do not trust the Source Codes as a matter of procedure until I confirmed
that it is trustworthy. This is not me but it is logical, practical, and is the
practice.



But how can you trust the Linux kernel source? It is many millions of lines of code! I'm pretty impressed if you've read every one!

Benno



-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
