[Arm-netbook] Questioning The Holy War

Chris Tyler chris at tylers.info
Sat Dec 8 15:28:18 GMT 2018


On Sat, Dec 8, 2018 at 7:07 AM Pablo Rath <pablo at parobalth.org> wrote:

> On Fri, Dec 07, 2018 at 04:52:22PM -0500, Hendrik Boom wrote:
> > On Fri, Dec 07, 2018 at 12:59:44PM +0100, Pablo Rath wrote:
> > >
> > > How do you know if the source is closed? :)
> >
> > Let's assume this is a real question.
>
> Hendrik, I am sorry. I see, I have phrased my (rhetorical) question
> poorly. What I meant and should have written is more like: "How can you
> know if a software behaves well and doesn't shoot the cat when you can't
> audit the source code?"
>

I must point out an error here: Ken Thompson proved that auditing source
code (of software and the toolchain used to build it) is meaningless in his
paper "Reflections on Trusting Trust". That paper/talk was released 34
years ago, and it wasn't theoretical -- it was based on malware that he'd
successfully released into the wild many years before.

(That said, I still prefer to be able to read the source -- just saying we
shouldn't attribute disproven benefits to source reading!).

-Chris

