[cryptography] kernel.org hack and kernel integrity

William Allen Simpson william.allen.simpson at gmail.com
Sat Sep 3 09:52:39 EDT 2011


On 9/3/11 4:04 AM, James A. Donald wrote:
> Torvald trusts some people, each of which trusts some more people - but he also trusts them to check the code.
>
Unfortunately, we know that at least David Miller doesn't actually
check the code.  The Linux TCP/IP stack is full of bugs, and even
those reported don't get fixed in anything like a timely manner.

> Suppose that there is a bad apple. The bad apple can socially engineer his code into the source tree by leveraging his relationships, but in so doing, if he gets caught, will burn those relationships.
>
Naw, doesn't seem to have any affect on the relationships.  So-called
reputation and trust is severely overrated.



More information about the cryptography mailing list