[Discuss] our friend the nsa
Richard Pieri
richard.pieri at gmail.com
Thu Sep 19 10:40:33 EDT 2013

john saylor wrote:
> think about open source for a moment. also, i do not think linus [or
> linux] can be subject to an NSA security letter as he is not a US citizen.

He resides on US soil. This makes him subject to US laws.

> but it would be easy to fork any open source project and make the
> modifications you would like on it.

Why fork? There's already a pile of NSA-written or NSA-sponsored code in
the main line Linux kernel and common libraries. Examples include
OpenSSL and SELinux.

Just because the source code is available does not mean that those who
look at the code can recognize weaknesses and back doors. And even if
they could, it's no guarantee that the code they see won't acquire
weaknesses when compiled. There's a class of kernel vulnerabilities that
on paper cannot be exploited but become exploitable due to GCC
optimizations at compile time (like the cheddar /dev/net/tun exploit).

--
Rich P.
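
Added example, not part of the original message and not kernel source: the bug class the post refers to is a pointer that is dereferenced before its NULL check, which permits an optimizing compiler to delete the check. The struct and function names below are hypothetical stand-ins, shown as the risky ordering beside the corrected one.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a driver's structures (names are assumptions). */
struct sock_stub { unsigned int flags; };
struct tun_stub  { struct sock_stub *sk; };

#define POLLERR_STUB 0x8u   /* constructed error value for this example */

/* BEFORE: dereference first, check second. Reading tun->sk when tun is NULL
 * is undefined behaviour, so the compiler may assume tun != NULL from that
 * line onward and remove the "if (!tun)" test from the generated code. The
 * source appears to guard against NULL; the binary may not. */
unsigned int poll_unsafe(struct tun_stub *tun)
{
    struct sock_stub *sk = tun->sk;   /* dereference happens here */
    if (!tun)                         /* candidate for deletion when optimizing */
        return POLLERR_STUB;
    return sk ? sk->flags : 0;
}

/* AFTER: check before any dereference, so there is nothing for the
 * optimizer to infer and the guard survives compilation. */
unsigned int poll_safe(struct tun_stub *tun)
{
    struct sock_stub *sk;
    if (!tun)
        return POLLERR_STUB;
    sk = tun->sk;
    return sk ? sk->flags : 0;
}

/* Constructed sample objects: one attached socket, one detached device. */
static struct sock_stub sample_sk    = { 0x41u };
static struct tun_stub  sample_tun   = { &sample_sk };
static struct tun_stub  detached_tun = { NULL };

int main(void)
{
    /* poll_unsafe(NULL) is deliberately never called: it is undefined. */
    printf("safe(NULL)       = %#x\n", poll_safe(NULL));
    printf("safe(sample)     = %#x\n", poll_safe(&sample_tun));
    printf("unsafe(sample)   = %#x\n", poll_unsafe(&sample_tun));
    printf("safe(detached)   = %#x\n", poll_safe(&detached_tun));
    return 0;
}
```

Comparing the disassembly of poll_unsafe built with and without optimization shows whether the check survived; GCC's -fno-delete-null-pointer-checks option disables this particular inference.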