Linux - Newbie: This Linux forum is for members that are new to Linux.
Is there a company or a coalition of people who inspect the source code of various/popular Linux distros to make sure they aren't doing anything malicious such as logging or stealing private data? We all say/believe open source is safer and it is in most cases but are people actually checking the source code of distros to be sure or just taking their word for it?
Besides, I run ANTIX mostly and trust the developer and Debian. Slackware users have their own faith in their distro. I am sure if malicious code is found, it will be brought to light quicker than you can say, "Sheesh"!
Quote:
Besides, I run ANTIX mostly and trust the developer and Debian. Slackware users have their own faith in their distro. I am sure if malicious code is found, it will be brought to light quicker than you can say, "Sheesh"!
So you would just take anyone's word for it? If nobody is checking the code how do you know they are keeping their word? When people found out about Ubuntu and Unity search collecting, I for one believe that this wasn't discovered by looking in the code, there was a "Legal Notice" on the bottom right of the Unity search. What I'm getting at is that nobody is actually inspecting code. Unless there's an organization that is doing so?
Quote:
So you would just take anyone's word for it? If nobody is checking the code how do you know they are keeping their word? When people found out about Ubuntu and Unity search collecting, I for one believe that this wasn't discovered by looking in the code, there was a "Legal Notice" on the bottom right of the Unity search. What I'm getting at is that nobody is actually inspecting code. Unless there's an organization that is doing so?
People pay for WHATEVER Mac and Windows sells as an operating system and there is no source code to inspect.
I don't know what else to say to you. I am just an ignorant Linux using Biker.
Edit: Besides, when a flaw was found in the kernel at kernel.org, it was caught and flashed over the net in record time. I really don't see your point. Your hardware is probably more compromised with backdoors and stuff from Asia where it was manufactured than worrying about the integrity of source code. Do you trust your phone? Who filters/inspects that? Android? Ya gotta be kidding me.
Yes people look at the "code" within distros. As an example research AnonymousOS and what happened there. The beauty of Open Source is that the source is open and anyone can look at it and report bugs or other problems, submit patches, fork the code and improve on it.
Your reference to Ubuntu and Unity is, in my opinion, not the norm but then again Ubuntu, Canonical, and Ubuntu users are not the norm anyway. The Ubuntu ecosystem is unfortunately a very strange beast within Open Source and is, in my opinion, the Open Source equivalent to the MS Windows ecosystem. Fanboys believe whatever they are told by those who they look up to for their technology fashions.
@Altiris - Ask yourself this question. If you were an open source developer, would you risk your reputation, hard work and respect of your peers by doing something offensive that could be easily found by anyone reading the code or simply noticing an odd file or outgoing connection?
A further safeguard is that open source projects generally have multiple developers who inspect and approve each other's new code and amendments.
Since RHEL and those also contribute lots to the kernel and have their kernel based on the kernel at kernel.org, I think it is pretty safe to bet the kernel has been properly audited times over. Not only by peers, but also independents indirectly.
Not to mention the Debian Foundation, which is a large organization of disparate individuals who constantly examine each other's code. And it's all published for anyone to see and use.
Quote:
So you would just take anyone's word for it? If nobody is checking the code how do you know they are keeping their word? When people found out about Ubuntu and Unity search collecting, I for one believe that this wasn't discovered by looking in the code, there was a "Legal Notice" on the bottom right of the Unity search. What I'm getting at is that nobody is actually inspecting code. Unless there's an organization that is doing so?
Even if there was some group inspecting code for malicious things, you still would have to take their word that they did not "forget" to tell you about a problem in the code. You would just move your trust from the distro's developers to some other guy working for that group. You just would need another group, inspecting the work of the first group, and another group that inspects the work of the second group, ... .
Effectively, nothing would change, at some point you just have to trust someone and the easiest way is to just trust the distro's developers. If you can't do that you are using the wrong distribution.
Most Linuxes are developed by a community of developers, even if they are commercially sponsored like OpenSUSE and Fedora. You'd have to get everyone in the conspiracy, or run the risk of one of the developers spotting the malicious code and blowing the whistle. Ubuntu, of course, is produced by a team of employees who will do whatever they're paid to.
Quote:
Is there a company or a coalition of people who inspect the source code of various/popular Linux distros to make sure they aren't doing anything malicious such as logging or stealing private data? We all say/believe open source is safer and it is in most cases but are people actually checking the source code of distros to be sure or just taking their word for it?
The largest inspection is crowd sourced. Anyone who has the ability to read code (and there are a lot of random people who can) has the ability to inspect it. The "many eyes" approach is one of the principles behind the open source.
Quote:
When people found out about Ubuntu and Unity search collecting, I for one believe that this wasn't discovered by looking in the code, there was a "Legal Notice" on the bottom right of the Unity search.
It was "discovered" by Canonical announcing it, wasn't it? That just means that Ubuntu was transparent about what they were actually doing. There isn't a problem here. And still, anyone who wants to inspect the code can do so by checking it out from, say, packages.ubuntu.com.
So as long as you can read code, you don't have to take anybody's word.
If you are so sceptical, just put the computer back in the box. I personally would be more worried about what info they can get legally from my bank and other accounts and all the servers I connect to rather than the operating system. You obviously didn't see the BBC article where they can get info from your machine via wireless even though your machine is not connected to the net.
Oh please rip out your GPS in the car too. That probably runs Linux but is actually programmed with your favorite routes and past destinations. Oh and phone taps but mail won't solve that issue because they have authority to intercept your mail.
Thinking about it. Move to a desolate island, oh sorry, satellites can still spot you.
jamison20000e posts the basic correct answer. You have every right and ability to view and test and submit changes.
No operating system has been proven resistant. Many very old applications still contain issues. Learning and using as many best practices as you can helps to avoid issues no matter what OS you use.