[cryptography] kernel.org hack and kernel integrity
William Allen Simpson
william.allen.simpson at gmail.com
Sat Sep 3 09:52:39 EDT 2011
On 9/3/11 4:04 AM, James A. Donald wrote:
> Torvald trusts some people, each of which trusts some more people - but he also trusts them to check the code.
Unfortunately, we know that at least David Miller doesn't actually
check the code. The Linux TCP/IP stack is full of bugs, and even
those reported don't get fixed in anything like a timely manner.
> Suppose that there is a bad apple. The bad apple can socially engineer his code into the source tree by leveraging his relationships, but in so doing, if he gets caught, will burn those relationships.
Naw, doesn't seem to have any affect on the relationships. So-called
reputation and trust is severely overrated.
More information about the cryptography