public inbox for gentoo-amd64@lists.gentoo.org
* [gentoo-amd64] "For What It's Worth" (or How do I know my Gentoo source code hasn't been messed with?)
@ 2014-08-04 22:04 Mark Knecht
From: Mark Knecht @ 2014-08-04 22:04 UTC
  To: Gentoo AMD64

As the line in that favorite song goes "Paranoia strikes deep"...

<NOTE>
I am NOT trying to start ANY political discussion here. I hope no one will
go too far down that path, at least here on this list. There are better
places to do that.

I am also NOT suggesting anything like what I ask next has happened, either
here or elsewhere. It's just a question.

Thanks in advance.
</NOTE>

I'm currently reading a new book by Glenn Greenwald called "No Place To
Hide" which is about Greenwald's introduction to Edward Snowden and the
release of all of the confidential NSA documents Snowden acquired. This got
me wondering about Gentoo, or even just Linux in general. If the underlying
issue in all of that Snowden stuff is that the NSA has the ability to
intercept and hack into whatever they please, then how do I know that the
source code I build on my Gentoo machines hasn't been modified by someone
to provide access to my machine, networks, etc.?

Essentially, what is the security model for all this source code and how do
I verify that it hasn't been tampered with in some manner?

1) That the code I build is exactly as written and accepted by the OS
community?

2) That the compilers and interpreters don't do anything except build the
code?

There are certainly lots of other issues about security, like protecting
passwords, protecting physical access to the network and machines,
rootkits and the like, etc., but assuming none of that is in question (I don't
have any reason to think the NSA has been in my home!) ;-) I'm looking for
info on how the code is protected from the time it's signed off until it's
built and running here.

If someone knows of a good web site to read on this subject let me know.
I've gone through my Linux life more or less like most everyone went
through life 20 years ago, but paranoia strikes deep.

Thanks in advance,
Mark
