|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: attempt to plant a back door in the Linux kernel
From: Thor Lancelot Simon (tls
rek.tjls.com)
Date: Tue Nov 11 2003 - 12:08:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Nov 11, 2003 at 01:25:31AM -0600, Andy Isaacson wrote:
>
> Furthermore: when a clone is made of a BitKeeper repository, the
> resulting repository is a fully functional duplicate of its parent.
> Every peer who has downloaded a copy of the Linux BK tree has a complete
> revision history, so there's no master copy to compromise -- if Linus'
> tree were modified by an intruder, he would be able to compare it
> against any other copy of the tree to find the changes. (And in fact,
> Linus has several trees; the ones on his main work machine and the ones
> on kernel.bkbits.net, to start.) It's not completely secure, but BK
> does make the attacker's job enormously more difficult than a
> centralized, there-is-one-repository CVS system.
The above paragraph is almost completely specious; all of the assertions
made about copies of BitKeeper repositories are equally true of copies of
CVS repositories, and the implicaiton that, for example, our CVS repository
is "centralized, there-is-one-repository" and thus somehow more vulnerable
than the Linux BitKeeper repository is quite simply and entirely false.
Thor
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]