On 2014-01-06 11:28, James B. Byrne wrote:
I believe that the issue is of pressing interest to the entire community and I would like to read what others have to say on the matter.
I think everyone should assume the entire ecosystem is compromised and shouldn't trust anything. Code should be reviewed and bugs/weaknesses removed IMMEDIATELY. The problem is obviously not everyone is a programmer and not everyone will have the knowledge to understand how to fix/improve the security issues. Of course, some software is still good, but who's going to verify that and when? If you don't use free software, you're a goner because now you have no ability whatsoever to audit the code!
We can't trust the software or the hardware any longer. When the problem runs this deep, what can anyone do? The NSA program has effectively removed my trust with every single U.S. (actually, 5 eyes) based tech company.
I can only imagine what RMS thinks about all of this. If he hadn't fought for so long for free software, we would all truly be up shits creek.
Don't trust proprietary anything. Use free software - it'll be fixed sooner and properly before anything else.