In comp.os.linux.advocacy, [H]omer
<spam@xxxxxxx>
wrote
on Thu, 26 Apr 2007 18:31:06 +0100
<q747g4-fkh.ln1@xxxxxxxxxx>:
> Verily I say unto thee, that Roy Schestowitz spake thusly:
>
>> "Trusted" Computing
>>
>> ,----[ Quote ]
>> | Do you imagine that any US Linux distributor would say no to the
>> | US government if they were requested (politely, of course) to add
>> | a back-door to the binary Linux images shipped as part of their
>> | products ? Who amongst us actually uses the source code so helpfully
>> | given to us on the extra CDs to compile our own version ?
>
> Me.
>
> Five simple steps to "Trusted Computing":
>
> 1) ... Know the facts <http://www.lafkon.net/tc/>
Hm. Trusted Computing. Nice presentation, if a little
inefficient (6 MB for a video that could probably have been
done in less than 10K or so on a web page -- but would it
have the same impact?).
The gist: who trusts whom with "Trusted Computing"?
And what, exactly, are they defending against?
Viruses? Economic downturns? Governmental antitrust action?
Hmmmm....
:-)
> 2) ... Forget Windows
Ideally, yes. In practice, the 800 pound monopolistic
gorilla is hard to ignore, although hopefully one can
tickle his feet and have him fall off a cliff or something.
> 3) ... Install a community Linux distro
> 4) ... Review the licenses and sources
> 5) ... Update from sources, and audit the diffs
>
> Caveat: Step 4 may take a lifetime, but then you are not alone ... there
> are many eyes auditing the source.
And some distros even require *your computer* to compile
the source -- which can be a pain for big packages (e.g.,
OpenOffice) but can also be a good thing for those who
are a little paranoid.
For example, in Gentoo one can peruse the patched source by simply
# ebuild /usr/portage/somedir/somefile.ebuild unpack
then browse around in the temporary area (specified in
/etc/make.conf, as is the portage tree and distfiles, so
take pathnames here with a grain of salt). This source can
be edited at will, then compiled using 'ebuild compile',
though there are more reliable ways by which to accomplish
what's needed (e.g., local portage packaging).
Licenses in Gentoo are stuck in /usr/portage/licenses.
For its part distros such as RedHat and Fedora provide
source RPMS, which can be used in a build process; it's
a little less integrated, though. Debian's process
is similar to Redhat/Fedora's, but uses .deb files,
basically, structured archives.
I can't speak regarding other distros, as I've not used them.
>
> Recent example:
>
> OpenBSD stole bcm43xx Linux driver (GPL violation):
> http://www.theinquirer.net/default.aspx?article=38746
>
> Open Source is an Open Book, there is no hiding place.
>
--
#191, ewill3@xxxxxxxxxxxxx
Linux. Because it's there and it works.
Windows. It's there, but does it work?
--
Posted via a free Usenet account from http://www.teranews.com
|
|
