
25 Sep 2013, 12:24 a.m.
On 10 September 2013 10:48, Jason White <jason@jasonjgw.net> wrote:
> Russell Coker <russell@coker.com.au> wrote:
>> Next if the NSA wanted to put some hostile code in the kernel then surely they would use a random gmail account to submit patches and not do anything bad under their own name.
>
> Agreed. Further, if any government wanted to subvert cryptography they could do it by trying to sneak code into OpenSSL, NSS or GNUTLS - and the vulnerability would have to be subtle enough to escape notice by the maintainers.

Or the Debian maintainers could just "inadvertently" introduce the code themselves and no-one would notice for two years.

http://article.gmane.org/gmane.linux.debian.security.announce/1614

T