As the line in that favorite song goes "Paranoia strikes deep"...
<NOTE> I am NOT trying to start ANY political discussion here. I hope no one will go too far down that path, at least here on this list. There are better places to do that. I am also NOT suggesting anything like what I ask next has happened, either here or elsewhere. It's just a question. Thanks in advance. </NOTE>

I'm currently reading a new book by Glenn Greenwald called "No Place To Hide" which is about Greenwald's introduction to Edward Snowden and the release of all of the confidential NSA documents Snowden acquired. This got me wondering about Gentoo, or even just Linux in general. If the underlying issue in all of that Snowden stuff is that the NSA has the ability to intercept and hack into whatever they please, then how do I know that the source code I build on my Gentoo machines hasn't been modified by someone to provide access to my machine, networks, etc.?

Essentially, what is the security model for all this source code and how do I verify that it hasn't been tampered with in some manner?

1) That the code I build is exactly as written and accepted by the OS community?

2) That the compilers and interpreters don't do anything except build the code?

There are certainly lots of other issues about security, like protecting passwords, protecting physical access to the network and machines, root kits and the like, etc., but assuming none of that is in question (I don't have any reason to think the NSA has been in my home!) ;-) I'm looking for info on how the code is protected from the time it's signed off until it's built and running here.

If someone knows of a good web site to read on this subject let me know. I've gone through my Linux life more or less like most everyone went through life 20 years ago, but paranoia strikes deep.

Thanks in advance,
Mark