[CentOS] Can we trust RedHAt encryption tools?

Thu Jan 9 21:27:15 UTC 2014
Kanwar Ranbir Sandhu <m3freak at thesandhufamily.ca>

On 2014-01-06 11:28, James B. Byrne wrote:
> I believe that the issue is of pressing interest to the entire 
> community and I
> would like to read what others have to say on the matter.

I think everyone should assume the entire ecosystem is compromised and 
shouldn't trust anything.  Code should be reviewed and bugs/weaknesses 
removed IMMEDIATELY.  The problem is obviously not everyone is a 
programmer and not everyone will have the knowledge to understand how to 
fix/improve the security issues.  Of course, some software is still 
good, but who's going to verify that and when?  If you don't use free 
software, you're a goner because now you have no ability whatsoever to 
audit the code!

We can't trust the software or the hardware any longer.  When the 
problem runs this deep, what can anyone do?  The NSA program has 
effectively removed my trust with every single U.S. (actually, 5 eyes) 
based tech company.

I can only imagine what RMS thinks about all of this.  If he hadn't 
fought for so long for free software, we would all truly be up shits 
creek.

Don't trust proprietary anything. Use free software - it'll be fixed 
sooner and properly before anything else.



-- 
Kanwar Ranbir Sandhu