Re: NSA software in Debian

To: debian-security@lists.debian.org
Cc: russell@coker.com.au
Subject: Re: NSA software in Debian
From: Celejar <celejar@gmail.com>
Date: Tue, 21 Jan 2014 21:15:49 -0500
Message-id: <[🔎] 20140121211549.9dc627f78064e864c474c2ed@gmail.com>
In-reply-to: <[🔎] 201401221224.27997.russell@coker.com.au>
References: <[🔎] 87000BDF-320B-403F-AC8C-E0BCC89DA622@yahoo.de> <[🔎] 201401221224.27997.russell@coker.com.au>

On Wed, 22 Jan 2014 12:24:27 +1100
Russell Coker <russell@coker.com.au> wrote:

> On Sun, 19 Jan 2014, Marco Saller <marcosaller@yahoo.de> wrote:
> > i am not sure if this question has been asked or answered yet, please do
> > not mind if i would ask it again. Is it possible that the NSA or other
> > services included investigative software in some Debian packages?
> 
> It is possible that a DD has betrayed the cause and willingly subverted a 
> package, in the past we had someone apply to become a DD who had a history of 
> doing such things.  Fortunately they were caught and didn't become a DD, but 
> it's possible that someone else with similar ideas got through.  This doesn't 
> make Debian any different to any other large project or organisation.  Getting 
> 1000+ people to work together and have no-one do crazy stuff is an impossible 
> problem to solve.

Don't forget that the NSA itself was subverted in exactly that manner -
someone joined pretending to be loyal to the organization, but was
really intent on undermining it ...

Celejar

Reply to:

References:
- NSA software in Debian
  - From: Marco Saller <marcosaller@yahoo.de>
- Re: NSA software in Debian
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: NSA software in Debian
Next by Date: finding a process that bind a spcific port
Previous by thread: Re: NSA software in Debian
Next by thread: Re: NSA software in Debian
Index(es):
- Date
- Thread