New ask Hacker News story: How much do you trust your Linux distro devs?

How much do you trust your Linux distro devs?
2 by PrimaryAlibi | 0 comments on Hacker News.
I will assume everyone understands the security problem when a build isn't reproducible. In short, just because something is open source, doesn't mean the compiled application you're downloading and installing hasn't had any malicious modules added to it before being compiled. It's not enough for something to be open source, it has to be reproducible as well. I don't think there are any reproducible linux distros. Every one I have looked into requires you to download and install from an image file. That means you must trust the developer who signed that image because they could add all kinds of malicious code to it. We always suspected that winows, mac, android, ios are spyware for the intel agencies and now it has been proven that ios has a backdoor most likely put there by NSA. Why don't we suspect the devs of linux distros to do the same thing? What do we really know about the people signing the image files? do you even know their names? It's also a bit crazy how so many people trust SELinux when its made by NSA. Is this the reason why most people don't bother trying to potect their data from the intel agencies? No one wants them doing their unconstitutional and illegal snooping in our data, them finding out that we like to listen to the rick roll music video but maybe it's simply impossible to prevent that, 100% impossible no matter how hard you try. LSMs won't help us when the distro itself is corrupted. Or do you actually trust that your distro image file that you installed from and any updates later aren't compromised? Tell me which distro you're using and what you know about the devs who sign the image file and updates and why you trust them? Keep in mind they can be forced to compromising the distro and forced to keep silent.

Comments