Re: Strongest linux - kernel patches
On Thu, Jul 03, 2003 at 02:55:53AM +0200, Luis Gomez - InfoEmergencias wrote:
> On Mi?rcoles, 2 de Julio de 2003 15:05, Preben Randhol wrote:
> > What about: http://www.nsa.gov/selinux/ ?
> For the sake of God, how in hell can we associate "nsa.gov" with "secure"?
> Excuse me if I'm bullshitting, but I understand that those people who refuse
> to export strong criptography unless it contains backdoors, cannot be trusted
> at all. I may be wrong, but what the hell is their interest in providing the
> whole world with a secure system?
> I'd appreciate any comments or explanations on this. Thanks
Maybe some "good guys" got hired there, and are plotting the revolution
from the inside :)
Besides that, maybe some people within the NSA have changed their mind
about how to keep their nation secure. Maybe they learned something from
their anti-crypto stance resulting in congress-people's cell-phones being
eavesdropped on, and so on. Also, they could be trying to combat the
proliferation of insecure systems on the Internet, which is bad for
everyone, including them.
The selinux code has been out there for a long time now, and lots of people
other than shady three-letter-agency types have gone over it. I haven't
heard of anyone discovering any apparent attempts to leave back doors in it.
By now, it's probably been exposed to enough eyeballs that the conventional
wisdom about Free software being well debugged should apply, wrt.
intentional or unintentional security problems.
I detest the bad things US gov't agencies have done, but I'm prepared to
accept good things that they (or a few people working for them) do, unless
and until someone shows that they're really up to no good. I certainly
don't trust them, but I'm prepared to consider the possibility that they
aren't _always_ up to no good.
This is starting to get a bit off topic, and it was for the most part
agreed in a recent thread about US foreign policy that this doesn't belong
on deb-sec. Further discussion about politics, rather than specifically
about selinux, should probably happen on a newgroup like alt.impeach.bush,
#define X(x,y) x##y
Peter Cordes ; e-mail: X(firstname.lastname@example.org , s.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC