dasein wrote: Casual perusal of code is only slightly better than nothing. And a full source audit of any nontrivial code is a mind-numbing, massive, expensive effort.
Of course, none of this is specific to SELinux. It could (and should) be applicable to any complex software, doubly so to gratuitously complex software (*cough*systemd*cough*)
Let me follow your words with a question for everybody: where should we draw the line between trust in integrity, and 360 degree paranoia?
The way I see it, maybe because I'm totally clueless anyway even in auditing the simplest of projects, we got to have some trust at some point, otherwise everything is a potential backdoor.
The world of "linuxes", basically anything not Microsoft or Apple, has grown a solid reputation of being secure and "honest" exactly because of the possibility of peer review that should keep devs honest. It is true, you can't easily audit complex code, but it is like with scientific work, there's only so much one can grasp and verify directly about any given subject: at some point one has to trust the process of peer review even though he or she knows very well how it can be bought or tampered with.
My everyday-man reasoning is that I have every reason to trust the Debian project for its principles and the way it works, and therefore I trust them not to put shit in my system. I certainly don't delude myself into thinking that they have everything checked out, or that some among them can't be secretly working for the forces of evil, but I trust that they are generally honest with their work and that if something shady is out of their control, it is despite their best efforts.
If it is not that then, as I said, it's paranoia-time, everything becomes a potential backdoor. Why should I trust even the notepad or the icon of my mouse cursor?
And this mindset spread easily beyond operating systems and computers (or the other way around as a matter of fact): anything can become a conspiracy, from clothes to food to medicines to cars to the water we drink and the air we breathe.
Let us all not mistake, however, trust in someone for blind trust. Unlike the paranoia that kicks in and throws reason out the window the moment we no longer trust anyone, trust can (and should) still be accorded judiciously. Trust is not just given but earned and kept and lost.
Can we trust Debian?
Either we can and we trust that what they package for us is not knowingly harmful (meaning we accept the risk of them having been deceived as well), or we don't and we need to find someone else to trust.
My two cents obviously.
Take care everybody
