[CentOS] Can we trust RedHAt encryption tools?
Kanwar Ranbir Sandhu
m3freak at thesandhufamily.ca
Thu Jan 9 21:27:15 UTC 2014
On 2014-01-06 11:28, James B. Byrne wrote:
> I believe that the issue is of pressing interest to the entire
> community and I
> would like to read what others have to say on the matter.
I think everyone should assume the entire ecosystem is compromised and
shouldn't trust anything. Code should be reviewed and bugs/weaknesses
removed IMMEDIATELY. The problem is obviously not everyone is a
programmer and not everyone will have the knowledge to understand how to
fix/improve the security issues. Of course, some software is still
good, but who's going to verify that and when? If you don't use free
software, you're a goner because now you have no ability whatsoever to
audit the code!
We can't trust the software or the hardware any longer. When the
problem runs this deep, what can anyone do? The NSA program has
effectively removed my trust with every single U.S. (actually, 5 eyes)
based tech company.
I can only imagine what RMS thinks about all of this. If he hadn't
fought for so long for free software, we would all truly be up shits
creek.
Don't trust proprietary anything. Use free software - it'll be fixed
sooner and properly before anything else.
--
Kanwar Ranbir Sandhu
More information about the CentOS
mailing list