Re: just saying
On Thu, 24 Nov 2022 16:05:31 -0500
Jeremy Hendricks <jwh1981@gmail.com> wrote:
> I have no idea what you mean. It’s open source and you can analyze
> the code line by line.
>
You can analyse the *source* code. The machine code it allegedly
produces cannot be analysed any more easily than can closed-source
software. Assembler maps one-to-one to machine code; statements in a
compiled language do not come close to that.

Ken Thompson showed how it's done nearly forty years ago:
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

"You can't trust code that you did not totally create yourself.
(Especially code from companies that employ people like me.) No
amount of source-level verification or scrutiny will protect you
from using untrusted code."

I personally would expect every serious compiler in the world to have
been corrupted by one government or another. If something nefarious can
technically be done, a government will do it without a second thought.

Look at it this way: would the CIA/FBI/MI5/etc. allow the use of Linux
to put people beyond their surveillance?

--
Joe