India cites security concerns, blocks Huawei bid to expand their indian ops

• Previous message (by thread): India cites security concerns, blocks Huawei bid to expand their indian ops
• Next message (by thread): India cites security concerns, blocks Huawei bid to expand their indian ops
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Requesting the source code and/or having access to it is really
> meaningless unless you have the skill and capabilities to compile it
> *and* use it.  There is no sure way to know that the source code in your
> left hand is what was used to compile the binary in your right hand.

Even if you compile your left hand into your right hand.  See Ken Thompson's
"Reflections On Trusting Trust" (http://www.acm.org/classics/sep95/).  To
complete the references, Reference 4 ("An unknown Air Force document") is
Karger & Schell's paper on a Multics pen-test, which is available at
http://www.acsac.org/2002/papers/classic-multics-orig.pdf

Karger and Schell did a "30 years later" retrospective, also available at
http://www.acsac.org/2002/papers/classic-multics.pdf

Between the India/Huawei thing and the MS05-039 mess, this is a good time for
everybody who hasn't read all 3 of them to read them - under 40 pages for all 3,
and the 24 pages of the first Karger&Schell you can probably skim.....)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20050817/6af2a6c4/attachment.sig>

• Previous message (by thread): India cites security concerns, blocks Huawei bid to expand their indian ops
• Next message (by thread): India cites security concerns, blocks Huawei bid to expand their indian ops
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]