On 1/15/07, Claude Jones <claude_jones@xxxxxxxxxxxxxx> wrote:
On Mon January 15 2007 8:03 am, Andrew Parker wrote: > I've spent a good 10-15 hours a week developing selinux for the last > year or so, and have quite a detailed understanding of the code > there. I can assure you now that I have never seen anything that > looks like a back door in any of the code. > > I also work for the NSA. > > That is how it could be hidden. A few developers saying this, but > without the previous paragraph. Andrew: My intent in posting that link was not to cast aspersions on you or Stephen Smalley or any of the other NSA personnel involved in the Selinux
Sorry Claude, I did wonder when I wrote that if it was going to be misconstrued. My point was that if somebody (or a number of people) spoke up and vouched for the code, how would we know that they were legit? They could have been working for the NSA, added the code themselves, then vouched for themselves (as it would be in their best interests) and we would be none the wiser. These 'facts' may then stop others checking the code, and maybe we would never be any wiser. BTW, I do not/have not ever worked for the NSA, I was just trying to illustrate a point - how can trust those that may speak up and say that its ok? You are right to question it though. It is something that should be questioned on a regular basis too - if t he code changes, back doors can be added. Also, is my memory unreliable, or did selinux actually start out at the NSA?
