LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Does 5.10 is secure? (https://www.linuxquestions.org/questions/linux-general-1/does-5-10-is-secure-4175691794/)

igadoter 03-09-2021 07:57 AM
Does 5.10 is secure?
 
I just found how many commits made Huawei into kernel source. This article makes me laugh https://news.itsfoss.com/huawei-kernel-contribution/ here I read
Quote:
Of course, this is a good reputation for the employers and also says a lot about the companies putting strong effort for Linux Kernel development, which is always a good thing.
but several paragraphs later
Quote:
Due to its close ties with the Chinese Communist Party (CCP), suspicious activities and espionage accusations, Huawei has turned pariah in the tech world today.
:D
I am just paranoic about 5.10 kernel and it seems I try to justify my paranoia. Nonetheless it is good to know. Next step will be to allow commits from CIA, NSA, all kind of Russian secret services :D

Jan K. 03-09-2021 08:20 AM
So... you're saying "bad things" have been placed inside kernel? Like... what?

Something the maintainers let pass?



Any chinese company is owned by chinese government.

hazel 03-09-2021 08:20 AM
I wouldn't trust Huawei further than I could throw them. But given the way that code is scrutinised and chewed over by the kernel hackers, I doubt if they could smuggle in any really bad stuff.

jsbjsb001 03-09-2021 08:22 AM
Well, it's not as if it's hard to find what Huawei has "contributed" to the kernel, and it's not like Windows where the average joe can't see what's there and who's "contributed it".

https://git.kernel.org/pub/scm/linux...=200&showmsg=1

It's also not a good idea to be on the bad side of the CCP if you're a Chinese company, even if you're a billionaire. Ask Jack Ma, oh that's right, where is he?

DavidMcCann 03-09-2021 11:58 AM
And you notice that all the contributions made by Huawei seem to have been checked by a member of the kernel team. Personally, I'd trust Huawei over Google and Oracle any day.

wpeckham 03-09-2021 01:16 PM
If, however, you are really worried you might look into using the BSD kernel and THAT security.

rkelsen 03-12-2021 03:20 AM
Quote:
Originally Posted by igadoter (Post 6228778)
I am just paranoic about 5.10 kernel and it seems I try to justify my paranoia. Nonetheless it is good to know. Next step will be to allow commits from CIA, NSA, all kind of Russian secret services :D
Your fears are unfounded. You have access to the source code. You can chop out the parts you don't want, or simply leave them out of your kernel.

pan64 03-12-2021 07:53 AM
Quote:
Originally Posted by DavidMcCann (Post 6228854)
Personally, I'd trust Huawei over Google and Oracle any day.
hm. I'm not really sure about that.

igadoter 03-12-2021 08:32 AM
I was thinking little. Huawei also manufactures devices. I think that combination kernel on Huawei device can be compromised. Smartfone - on top is Android in the middle Linux kernel + patches needed device to work. All equipment provided for 5g network. Point here is that people trust Linux. So if device runs Linux - it can be trusted. And it can be very difficult to find connections between device provider and Huawei.

hazel 03-12-2021 08:36 AM
Well, that's the firmware, isn't it! It's an old grouse and not only on phones. Computers nowadays come with so many "engines" that the users have no control over whatever. The Linux kernel sits on top of all that and who knows if it is being given correct information, or if its instructions to the hardware are actually executed as intended?


All times are GMT -5. The time now is 05:58 AM.