Hi, john smith wrote (22 Mar 2016 00:19:42 GMT) : >>> How would you quantify the chances of you currently >>> redistributing malware, and more specifically spyware along >>> with the Linux kernel?
>> I personally have no means to quantify this. > Now this is the most puzzling issue for me. Let me put it differently then: I don't have access to the data I (or anyone else, really) would need to properly quantify this. > I have hard time > figuring out which of the following scenarios is taking place in > Tails dev forum: > (1) You, the developers, never tried to quantify the risk of > having malware within Linux kernel firmware. Or may be you tried, > and you concluded that you cannot put any number or a confidence > interval on it. Either way, you decided to go ahead with it, so > now you are distributing software which you either never > evaluated for privacy/security purposes, or which you concluded > was not possible to evaluate. And it's important to note, > evaluation of risk is so hard here because the software supplier > keeps the code obfuscated on purpose. > (2) You concluded that the risk was very low: on par with having > backdoors inside free software, so nearly zero. This is > despite the fact that we have a long history of malware and > spyware distributed within blobs, a long history of legal > immunity of "legitimate" non-free software vendors, and a long > history of spyware being explicitly legal within operating > systems such as MS Windows, OS X, and commercial Android > deployments. I guess it's something from (1) and something from (2). I'm curious about your references wrt. backdoors in device firmware (e.g. shipped with Linux). Cheers, -- intrigeri _______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
