Is Open Source safe? [Linux Weekly News]

Vlad Stesin rmiles at Generation.NET
Sun Nov 22 21:08:13 PST 1998 


I don't quite understand the logic behind this. The fact that the
program's source is available is itself a proof that there are no
backdoors. Anyone can read the source code and make sure it's OK.

However, this argument does hold against non-OSS. It can even be used to
promote Linux (and other free open-source operating systems), since
someone could distribute some win32 trojans on download.com, tucows.com
and others.

Regards,
--
Vlad Stesin 
vstesin at cs.mcgill.ca

On Sun, 22 Nov 1998, Jim Choate wrote:

> 
> Forwarded message:
> 
> > X-within-URL: http://lwn.net/1998/1119/Trojan.html
> 
> >                                THE TROJAN HORSE
> >                                        
> >                                        
> >     Bruce Perens <bruce at hams.com>
> >     
> >    
> >    There's a problem that could very badly effect the public perception
> >    of Linux and Open Source. I want people to think about this, and
> >    hopefully "head it off at the pass" before it happens.
> >    
> >    Perhaps it's already on your system today: a trojan-horse program. It
> >    might be a game, or more likely a system utility. It's author uploaded
> >    it to an FTP archive, where it was then picked up by your favorite
> >    Linux distribution, who wrote it onto the CD-ROM that you bought. It
> >    works just fine, but hidden away in the program is a special feature:
> >    a secret back-door past your system's security.
> >    
> >    Perhaps the author of this attack is tired of hearing about what great
> >    hackers we are, and wants to take us down a notch. He's patient - he
> >    will wait until his program is distributed to tens of thousands of
> >    Linux systems before he says a word. But say is what he'll do - he's
> >    not really interested in breaking into your system. What he wants is
> >    the publicity, bad publicity for us, and lots of it. We've left the
> >    gates open for this trojan horse. Let's talk about how to close them,
> >    and hope we have enough time to solve this problem before our
> >    reputation is hurt.
> 
> [mnoga tekct oodalyaty]
> 
> 
>     ____________________________________________________________________
>  
>              Technology cannot make us other than what we are.
> 
>                                            James P. Hogan
> 
>        The Armadillo Group       ,::////;::-.          James Choate
>        Austin, Tx               /:'///// ``::>/|/      ravage at ssz.com
>        www.ssz.com            .',  ||||    `/( e\      512-451-7087
>                            -====~~mm-'`-```-mm --'-
>     --------------------------------------------------------------------
> 
>

More information about the cypherpunks-legacy mailing list