[SLL] Fedora project lead seems to have played role in installing malware for FBI

[Jesse Keating]

On Mon, 2009-04-20 at 15:40 -0700, Glenn Stone wrote:
> There's still a snotload of debate going on over the whole surveillance tool
> thingy.  Had a look at EFF.org lately?  

I tend not to.  The "it's a conspiracy man!" vibe is a little too strong
for me from a lot of the readers/commenters.

> 
> OTOH, it's good to know that said individual isn't the keeper of the keys.
> (One presumes Jesse and his fellow keyholders at least eyeball the code
> before placing their electronic stamp on it....) 

Eh, sadly there is really not enough time in the year to do that.  In
reality it would be far easier to sneak a change in a patch upstream and
let it filter into all the releases than to try and target a
distribution, particularly from the head of the distribution.  But all
code is open and is seen by multiple people.  Doesn't mean that all
those people actually understand what that code is.

>  
> 
> Thanks for chiming in, Jesse.  The additional transparency (who does and
> doesn't have keys) helps.  

No problemo.

-- 
Jesse Keating RHCE      (http://jkeating.livejournal.com)
Fedora Project          (http://fedoraproject.org/wiki/JesseKeating)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
identi.ca               (http://identi.ca/jkeating)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists2.linuxjournal.com/pipermail/linux-list/attachments/20090420/17f62be9/attachment.sig