On Mon, 4 Aug 2014 15:04:12 -0700 Mark Knecht <markkne...@gmail.com> wrote:
> > then how do I know that the > source code I build on my Gentoo machines hasn't been modified by someone > to provide access to my machine, networks, etc.? > There are two approaches to system development that tend to mitigate all security concerns: 1) Highly distributed development 2) Simplicity of design If the component pieces of a system are independently developed by widely scattered and unrelated development teams then there is much less chance for any integrated security attacks. Also, if the overall system remains simple and each component is narrowly focused then the result is better transparency for the user which insures less opportunity for attack. Linux _used_ to adhere to these two principles, but currently it is more and more moving toward monolithic development and much reduced simplicity. I refer especially to the Freedesktop project, which is slowly becoming the centralized headquarters for everything graphical. I also mention systemd, with its plethora of system daemons that obscure all system transparency. >From the beginning, Linux, due to its faithfulness to the above two principles, allowed the user to fully control and easily understand the operation of his system. This situation is now being threatened with freedesktop, systemd, etc., and security attacks can only become more feasible. We, as a community of Linux users, have to adamantly oppose these monolithic projects that attempt to destroy choice and transform Linux into another Microsoft Windows.
