
That doesn't really answer the question. How do we know all of the reviewers are uncompromised?



This is called a chain of trust. You assume an unhealthy amount of tinfoil when someone suggests full chain compromise and move on with your life.


They have caught naughty pull requests before. I guess it's a multiple eyes thing.

Certainly better than closed source Windows 10 and OSX.


I recall one famous one of quite a few years ago which looked suspiciously backdoor-ish (= instead of == IIRC), but can you provide a link to more?
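An added illustration of the "= instead of ==" shape that the comment above recalls. This is constructed example code, not code from the thread or from any kernel; the struct, the flag names and the "magic" option combination are assumptions chosen for the demonstration.

```c
#include <stdio.h>

/* Added illustration (not code from the thread or from any kernel):
 * a constructed privilege check in the "= instead of ==" shape.
 * Struct, flag names and the option combination are assumptions. */

struct task {
    unsigned int uid;   /* 0 means root, as on Unix */
};

#define OPT_A 0x1u
#define OPT_B 0x2u

/* Backdoored variant. The single '=' makes `(t->uid = 0)` an assignment
 * whose value is 0, so the if-body is never taken and nothing visibly
 * fails. But whenever the caller passes the magic option combination,
 * the short-circuit '&&' reaches the assignment and uid becomes 0. */
int check_backdoored(struct task *t, unsigned int options)
{
    if ((options == (OPT_A | OPT_B)) && (t->uid = 0))
        return -1;          /* dead branch: looks like an error path */
    return 0;
}

/* Intended variant: a comparison with no side effect. */
int check_intended(struct task *t, unsigned int options)
{
    if ((options == (OPT_A | OPT_B)) && (t->uid == 0))
        return -1;          /* reject root callers using this combination */
    return 0;
}

/* Drive both variants with an unprivileged task; returns 1 if the
 * backdoored check changed uid while the intended one did not. */
int demo(void)
{
    struct task a = { 1000 }, b = { 1000 }, c = { 1000 };

    check_backdoored(&a, OPT_A | OPT_B);   /* magic combination */
    check_backdoored(&b, OPT_A);           /* any other option: unreached */
    check_intended(&c, OPT_A | OPT_B);

    return a.uid == 0 && b.uid == 1000 && c.uid == 1000;
}

int main(void)
{
    printf("backdoor elevates uid: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

The extra parentheses around the assignment are exactly the idiom that silences GCC's -Wparentheses warning, so a compiler run with the usual warning flags does not flag this; only a reviewer reading the diff, or a dedicated checker, would.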



One could imagine a sophisticated attack involving multiple patches to different subsystems at different times, that eventually converge into a Voltron-like monster once they’re all inside the kernel.


Potentially. However that also leaves a larger attack-surface, in the sense that more patches = even more scrutiny. Conceivably such a scheme would require all parts to be included (I mean, why make it larger than necessary?), so it would be extremely fragile to any single maintainer seeing the potential for abuse and correcting it.


> (I mean, why make it larger than necessary?), so it would be extremely fragile to any single maintainer

You answered your own question. :)


Your selected misquoting doesn’t help. A large attack surface increases the number of eyes.


> Certainly better than closed source Windows 10 and OSX.

How can you tell?


By looking at it, literally.


How can you compare?


Can know for sure vs nobody knows. The comparison is clearly in favor of Linux.


The Windows source code is actually readable for very large organizations and governments.


But can they build it and run it? Or do they have to trust the code is current and matches the binaries?


I would believe so. Probably possible to compile and debug but not distribute. There is little information about it. https://www.microsoft.com/en-us/sharedsource/


But not the White hat hacking world.


> Can know for sure

can know what -- that there isn't a backdoor? I can look at Linux source all day and not find the answer to that.


We, as a community, can.

One dedicated person, can.


> The comparison is clearly in favor of Linux.

Magnitudes of more people use Windows and macOS than Linux* and they have yet to fail catastrophically.

* not counting servers and embedded


There are far more devices running Linux in the world than Windows & macOS combined. That would seem to be a much more useful comparison than how many people own those devices.

Parent post was updated to say "not counting servers and embedded", but dismissing smartphones -- literally the most popular type of personal computing device in the world -- this way seems to completely invalidate the point.


I dunno, why do you say that?


The parent thread was about possible backdoors; more devices running a piece of software = more surface area for any possible backdoor in that software.



