Who checks the integrity of Linux distros?
Is there a company or a coalition of people who inspect the source code of various/popular Linux distros to make sure they aren't doing anything malicious such as logging or stealing private data? We all say/believe open source is safer and it is in most cases but are people actually checking the source code of distros to be sure or just taking their word for it?
No use woooooooooooorying about that.
Besides. I run ANTIX mostly and trust the developer and Debian. Slackware users have their own faith in their distro. I am sure if malicious code is found, it will be brought to light quicker than you can say, "Sheesh"!
I really don't get your point one bit. Anyone? Would you trust the inspecting organization? Especially funded by external resources. Maybe you are a candidate for http://stallman.org/stallman-computing.html and http://www.gnu.org/ I don't know what else to say to you. I am just an ignorant Linux using Biker. Edit: Besides, when a flaw was found in the kernel at kernel.org, it was caught and flashed over the net in record time. I really don't see your point. Your hardware is probably more compromised with backdoors and stuff from Asia where it was manufactured than worrying about the integrity of source code. Do you trust your phone? Who filters/inspects that? Android? Ya gotta be kidding me.
Yes people look at the "code" within distros. As an example research AnonymousOS and what happened there. The beauty of Open Source is that the source is open and anyone can look at it and report bugs or other problems, submit patches, fork the code and improve on it.
Your reference to Ubuntu and Unity is, in my opinion, not the norm but then again Ubuntu, Canonical, and Ubuntu users are not the norm anyway. The Ubuntu ecosystem is unfortunately a very strange beast within Open Source and is, in my opinion, the Open Source equivalent to the MS Windows ecosystem. Fanboys believe whatever they are told by those who they look up to for their technology fashions.
@Altiris - Ask yourself this question. If you were an open source developer, would you risk your reputation, hard work and respect of your peers by doing something offensive that could be easily found by anyone reading the code or simply noticing an odd file or outgoing connection?
A further safeguard is that open source projects generally have multiple developers who inspect and approve each other's new code and amendments.
Yes, in the case of RHEL, they independently get audits done.
http://www.redhat.com/solutions/indu...fications.html Since RHEL and those also contribute lots to the kernel and have their kernel based on the kernel at kernel.org, I think it is pretty safe to bet the kernel has been properly audited times over. Not only by peers, but also independents indirectly.
Not to mention the Debian Foundation, which is a large organization of disparate individuals who constantly examine each other's code. And it's all published for anyone to see and use.
Effectively, nothing would change, at some point you just have to trust someone and the easiest way is to just trust the distro's developers. If you can't do that you are using the wrong distribution.
Most Linuxes are developed by a community of developers, even if they are commercially sponsored like OpenSUSE and Fedora. You'd have to get everyone in the conspiracy, or run the risk of one of the developers spotting the malicious code and blowing the whistle. Ubuntu, of course, is produced by a team of employees who will do whatever they're paid to.
So as long as you can read code, you don't have to take anybody's word.
You.
If you are so sceptical, just put the computer back in the box. I personally would be more worried about what info they can get legally from my bank and other accounts and all the servers I connect to rather than the operating system. You obviously didn't see the BBC article where they can get info from your machine via wireless even though your machine is not connected to the net.
Oh please rip out your gps in the car too. That probably runs Linux but is actually programmed with your favorite routes and past destinations. Oh and phone taps but mail won't solve that issue because they have authority to intercept your mail. Thinking about it. Move to a desolate island, oh sorry, satellites can still spot you.
BSD, Ufw, IPtables, Firewalled, http://en.wikipedia.org/wiki/Penetration_test, http://sectools.org/,,, and on... :D
I don't say open source is safer.
jamison20000e posts the basic correct answer. You have every right and ability to view and test and submit changes. No operating system has been proven resistant. Many very old applications still contain issues. Learning and using as many best practices as you can helps to avoid issues no matter what OS you use.