Vlad Stesin wrote:
I don't quite understand the logic behind this. The fact that the program's source is available is itself a proof that there are no backdoors. Anyone can read the source code and make sure it's OK.
Anyone can, but does anyone? Also be aware that most people don't compile from source--it would be easy to doctor the source, compile a binary, and ship the trojan binary alongside the unmodified source.
However, this argument does hold against non-OSS.
Yes it does, but not quite in the same way. For example, I believe that in days of yore some attackers managed to insert a back door into some DEC OS by breaking into the coding environment (I don't recall the details, does anyone else?). So in other words, not only _could_ this happen with non-OSS, it _has_ happened, and no doubt it happens reasonably often.

In short, this is a real problem, but it seems to me that the likes of Linux ought to be able to leverage its decentralised and parallel development model to address it in a more comprehensive manner than any closed centralised model could ever hope to achieve. "Many eyes" _should_ make for defence in depth against this--but it does look like some process is needed, and the Linux folk will need some kind of argument to convince people that it works.

Perhaps a start would be for individuals to essentially certify software that they had personally checked, offering repositories with detached signatures for specific versions of software compiled in a certain way. Software that hadn't yet been certified or which didn't match sufficient independent signatures could then be referred to a human for checking, and if it was OK then that version of the software could also be signed. This would also serve as a highly visible "yes, we have checked this for back doors" statement..."and here are 1,000s of signatures to prove it" :)

Cheers,
Frank O'Dwyer.
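The scheme sketched in the reply above, as an added example that is not part of the original thread and not anyone's actual tooling: each reviewer publishes a detached Ed25519 signature over the SHA-256 digest of a specific build, and a verifier counts how many distinct trusted reviewers have validly signed the exact bytes it holds, certifying the artifact only if that count reaches a threshold and otherwise leaving it to be "referred to a human". The type and function names (Reviewer, DetachedSig, CountIndependent, Certified, TrustedKeys) and the artifact bytes are all made up for illustration. It also shows the point made earlier in the thread: a doctored binary shipped beside the unmodified source matches none of the signatures, because the signatures cover the compiled bytes, not the source.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Reviewer is a hypothetical independent person who checks a build and
// publishes a detached signature over it (illustrative type, not a real tool).
type Reviewer struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// DetachedSig is what a reviewer's repository would publish separately from
// the artifact: who signed, the digest they claim to have reviewed, and the
// Ed25519 signature over that digest.
type DetachedSig struct {
	Reviewer string
	Digest   [32]byte
	Sig      []byte
}

// NewReviewer generates a fresh Ed25519 key pair for a named reviewer.
func NewReviewer(name string) (*Reviewer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Reviewer{Name: name, pub: pub, priv: priv}, nil
}

// Certify signs the SHA-256 digest of the exact bytes the reviewer inspected.
func (r *Reviewer) Certify(artifact []byte) DetachedSig {
	d := sha256.Sum256(artifact)
	return DetachedSig{Reviewer: r.Name, Digest: d, Sig: ed25519.Sign(r.priv, d[:])}
}

// TrustedKeys builds the verifier's local map of reviewer name -> public key.
// In practice this would be curated by the user, not taken from the repository.
func TrustedKeys(reviewers ...*Reviewer) map[string]ed25519.PublicKey {
	m := make(map[string]ed25519.PublicKey, len(reviewers))
	for _, r := range reviewers {
		m[r.Name] = r.pub
	}
	return m
}

// CountIndependent returns how many distinct trusted reviewers have a valid
// signature over the digest of the artifact the verifier actually holds.
// Signatures from unknown keys are ignored, and one reviewer signing twice
// counts once, so a single party cannot inflate the count.
func CountIndependent(artifact []byte, trusted map[string]ed25519.PublicKey, sigs []DetachedSig) int {
	d := sha256.Sum256(artifact) // recomputed locally; the published Digest is not trusted
	seen := make(map[string]bool)
	for _, s := range sigs {
		pub, ok := trusted[s.Reviewer]
		if !ok || seen[s.Reviewer] {
			continue
		}
		if ed25519.Verify(pub, d[:], s.Sig) {
			seen[s.Reviewer] = true
		}
	}
	return len(seen)
}

// Certified is the policy decision: enough independent signatures, or not.
func Certified(artifact []byte, trusted map[string]ed25519.PublicKey, sigs []DetachedSig, threshold int) bool {
	return CountIndependent(artifact, trusted, sigs) >= threshold
}

func main() {
	alice, _ := NewReviewer("alice")
	bob, _ := NewReviewer("bob")
	carol, _ := NewReviewer("carol")
	trusted := TrustedKeys(alice, bob, carol)

	build := []byte("constructed stand-in for a compiled binary") // constructed sample artifact
	sigs := []DetachedSig{alice.Certify(build), bob.Certify(build)}
	fmt.Println("reviewed build, threshold 2:", Certified(build, trusted, sigs, 2))

	// A trojaned binary shipped beside the clean source matches no signature.
	trojan := append([]byte{}, build...)
	trojan[0] ^= 0x01
	fmt.Println("doctored build, valid signatures:", CountIndependent(trojan, trusted, sigs))
}
```

The verifier recomputes the digest from the bytes it holds rather than trusting the digest in the published signature file, and the trusted-key map is the verifier's own, so a repository that serves both the binary and the signatures cannot certify itself.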