/sec/ - Security and Privacy

>>8
>>9
Do you have a whitepaper on hand concerning non-meme distros? Also share information don't just act all cool and leet with no actual content.

>>7
What is a "binary attack"?

>>11
take source that is mandated to have a backdoor in it add that backdoor as a compiler option that isnt enabled by default but pushed in for the official binaries to fulfill that legal requirement then you have a "binary attack" it can also be enabled by default
>>10
distros shouldnt have white papers and the term is a joke even for the bsds use what works for you
if anything should really be said about (((gentoo the distro))) its being longtime compromised and the cia irc cabal i dont see a point in posting that here but kicking out the original dev is always bad are its ideas horrid well no you dont know what major products use gentoo and how good it is at releng compared to everything else opensource
id post something if kelvinchan supported plain/text but in the case of a compile only system you still are effected by compiler traps that have existed from the 80s reproducible binaries doesnt stop this as those reproducible binaries have the same compiler traps since every compiler you used has the same lineage no shoving norm compilers into multiple ics and waiting a decade for a reproducible binary doesnt work

>>12
>[implement backdoor as] a compiler option that isnt enabled by default but pushed in for the official binaries to fulfill that legal requirement then you have a "binary attack" it can also be enabled by default
Any examples of that?

>>13
https://blog.stalkr.net/2010/06/unrealircd-3281-backdoored.html this is claimed as a comprise of the official binaries but its pretty close its a good way to hide something like this and makes it look like an accident
if you want the "legal requirement" part thats going to take some digging into the era of paper clip or getting info past a gag order