[Arm-netbook] Questioning The Holy War

Adam Van Ymeren adam at vany.ca
Sat Dec 8 17:00:31 GMT 2018



On December 8, 2018 10:28:18 AM EST, Chris Tyler <chris at tylers.info> wrote:
>On Sat, Dec 8, 2018 at 7:07 AM Pablo Rath <pablo at parobalth.org> wrote:
>
>> On Fri, Dec 07, 2018 at 04:52:22PM -0500, Hendrik Boom wrote:
>> > On Fri, Dec 07, 2018 at 12:59:44PM +0100, Pablo Rath wrote:
>> > >
>> > > How do you know if the source is closed? :)
>> >
>> > Let's assume this is a real question.
>>
>> Hendrik, I am sorry. I see, I have phrased my (rhetoric) question
>> poorly. What I meant and should have written is mor like: "How can
>you
>> know if a
>> software behaves well and doesn't shoot the cat when you can't audit
>the
>> source code?"
>>
>
>I must point out an error here: Ken Thompson proved that auditing
>source
>code (of software and the toolchain used to build it) is meaningless in
>his
>paper "Reflections on Trusting Trust".

His talk didn't show that it's meaningless but that its not always sufficient.

> That paper/talk was released 34
>years ago, and it wasn't theoretical -- it was based on malware that
>he'd
>successfully released into the wild many years before.
>
>(That said, I still prefer to be able to read the source -- just saying
>we
>shouldn't attribute disproven benefits to source reading!).
>
>-Chris
>_______________________________________________
>arm-netbook mailing list arm-netbook at lists.phcomp.co.uk
>http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook
>Send large attachments to arm-netbook at files.phcomp.co.uk



More information about the arm-netbook mailing list