Re: systemd is here to stay, get over it now

Alexander Pushkin <alex904633@mail.ru> writes:

> For some of us there will never be an awesome Debian release that at
> its core contains systemd. Its core developers, Lennart Poettering and
> Kay Sievers, work for a company that has multi-billion dollar contracts
> with NSA. It is your choice to assume good faith on their part. It is
> our choice not to.

I'm mildly curious how you managed to assemble a Debian system that does
not have libselinux1 installed.  It was originally written by the NSA, you
know.  Or, for that matter, how you assembled a Debian system without
glibc, or the Linux kernel, or gcc, or numerous other packages to which
Red Hat, and Google, and other companies with multi-million dollar US
defense and NSA contracts contributed substantially to or were primary
developers of.

Put another way, to quote a recent US federal ruling on a different
ideological topic, these are not the arguments of serious people.

> Please respect our decision to stay away from systemd and still be
> Debian users. If possible, please, don't resist changes that make our
> lives easier.

systemd is open source.  Every line of code is available to you to read.
If you think the NSA has hidden some strange back-door in systemd, please
go discover it.  You would make front-page headlines around the world, and
do a great service to the open source community.  Nothing is standing in
your way.

If the NSA are going to hide back-doors in open source projects (a rather
dubious idea to start with, given how difficult it is and how much social
blowback there would be when such a thing was inevitably discovered), they
would focus on highly-opaque code that cannot be easily audited except by
experts.  That's why people are very worried about crypto libraries and
particularly crypto algorithms that involve special magic numbers.  That's
an obvious place to conceal such a thing.

systemd is not highly opaque code that can only be audited by experts.
It's not doing particularly complex things; its appeal instead lies in the
architectural model, developed after a few previous attempts to do similar
things and based on lessons learned from them.  The code itself is similar
in readability and complexity to many, many other programs in our
distribution, and considerably *easier* to audit than, say, the Linux
kernel (which would be a more fruitful place for embedding back-doors).

I have no respect for bizarre conspiracy theories, and don't think Debian
is well-served by having respect for such things either.  We're trying to
build the best free software distribution we can, not trying to run a
divestiture campaign from Red Hat or some other company based on who they
do business with.  If you feel that's an appropriate political response,
more power to you, but you are going to find it very, very hard to
entirely avoid Red-Hat-developed free software in the Linux ecosystem.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
