
Re: Four people decided the fate of debian with systemd. Bad faith likely



On 02/03/14 16:53, yaro@marupa.net wrote:
> On Sunday, March 02, 2014 04:25:13 PM Scott Ferguson wrote:
>> On 02/03/14 11:28, Ralf Mardorf wrote:
>>> On Sun, 2014-03-02 at 10:55 +1100, Scott Ferguson wrote:
>>>> Here's mine:-
>>>> troll elsewhere - try rabbleRus.org or LetMeTellUWhat2Do.mob
>>>>
>>> :D
>>>
>>> We Arch users made a poll. Even if more users would have been against
>>> systemd, the developers would have switched to systemd, but most users
>>> wanted systemd. We, around 49% and me were against systemd, but around
>>> 51% were pro systemd. Nowadays it makes life easier for all of us who
>>> use several different distros, when _all_ or at least the most important
>>> distros will switch to systemd. To discuss pros and cons of systemd a
>>> time machine is needed, to go back more than 3 years ago. To discuss it
>>> in 2014 is a little bit too late.
>>
>> Same with Debian based on what I read, the vote was fairly evenly split,
>> which is why it went to the Technical Committee, who were also fairly
>> evenly split.
>>
> 
> Which probably demonstrates why there's no hidden agenda going on surrounding 
> systemd and there were legitimate reasons why it was finally chosen.
> 
>> My concern is that it's a divisive issue that would be tempting for
>> third parties to exacerbate and exploit. Commercial software vendors,
>> and the companies that do their "marketing" and "public relation" might
>> want to take advantage of the situation to reduce the market share they
>> lose to Debian (and Linux as a whole). It wouldn't be that far from the
>> sort of dirty tactics they've employed in the past.
> 
> Definitely reasonable concerns, though to be honest, Linux's detractors would 
> have looked for something else to latch onto if systemd wasn't divisive 
> enough.

As well as?

> In a few more years I imagine most people opposed to systemd won't 
> have a problem with it being there after all after using it for a bit.

I'd be very surprised if it wasn't modified to suit the needs of the
majority of developers - and they tend to have the same itches as the
"users", just slightly less conservative about their "needs". But I'm
not a futurist.
Though I did try voting conservative for a change - not surprisingly I
was disappointed ;p

> 
>> And then there's NSA (and the companies they outsource to) - they *do*
>> have an agenda that would be furthered by creating divisions and
>> uncertainty in Debian. They've made large investments in software hooked
>> to the existing init system - and while they'll have to retool to use
>> systemd it doesn't mean they have the same access required to replace
>> existing malware installations, additionally they would probably enjoy
>> seeing less people use Debian.
>>
> 
> The trouble is, how effectively can the NSA hook itself into open source 
> software? 

As effectively as possible, by all means possible?
Do they recruit university students who show an aptitude for finding
weaknesses in software? (the answer is yes).

> How easily could they get backdoors into something without upstream 
> noticing? 

How long is a piece of string?  ;)

> Might be effective getting hooks into something downstream, but I 
> don't see the NSA getting anything into something upstream without someone 
> noticing, since patches are generally reviewed before integration.

See history of C compilers.

> 
> To sum up my *thought* on that, the NSA needs cooperation from someone OUTSIDE 
> the NSA to get their hooks in. How likely is it a Debian package maintainer 
> would be compromised?

How likely is it that MI5 could *have* compromised Serbians?

The NSA asked Linus Torvalds, as a US citizen he'd go to jail if he
admitted the request to backdoor the kernel (instead he said no when
asked in an interview, while nodding "yes"). His father is not a US
citizen and was more forthcoming.  Does that mean that because Linux
refused that others couldn't be convinced of the career benefits (or
health and sanity risks of not complying)?  Many eyes is good for a
number of reasons - we're all human.

> Would someone else notice? Would the maintainer be 
> removed?

Things are patched all the time. While the Debian policy is to always
make flaws public it doesn't extend to investigating and/or publicizing
the reasons, so I don't know the answer to that.

> 
> I'm not saying it's implausible so much as it doesn't sound like it'd last 
> long if they could get something in.

If you want an informed answer I'd suggest reading Bruce Schneier's
blog, or the Guardian.

> Could you perhaps give me some insight 
> into ways the NSA could do this? 

No - for a multitude of reasons, omnipotence being one of them. ;p

> I just don't see most upstream people 
> cooperating. Can the NSA force anyone to actually put backdoors in their own 
> code?

Huh? Are you serious or just don't follow current events? :)
Levison and Lavabit, the Internet Archive, and many others "got a
visit". And they're the ones who dared to say anything about it.

Yes - they can force you. Legally if you're a US citizen. They can/have
also "coerced" people.

<snipped>
> 
> Conrad
> 
> 

Interesting, but I'll leave the subject at that. This is a "technical"
list for Debian users. :)

Kind regards

