Comment by bluesnowmonkey
4 years ago
Open source runs on trust, of both individuals and institutions. There’s no alternative. Processes like code review can supplement but not replace it.
4 years ago
Open source runs on trust, of both individuals and institutions. There’s no alternative. Processes like code review can supplement but not replace it.
So my question is, what is a kernel? Is it a security project? Should security products rely on trust, or assume malicuous intent?
Open source products rely on trust. There is no way to build a trust-less open source product. Of course, the old mantra of trust, but verify is very important as well.
But the linux kernel is NOT a security product - it is a kernel. It can be used in entirely disconnected devices that couldn't care less about security, as well as in highly secure infrastructure that powers the world. The ultimate responsibility of delivering a secure product based on Linux lies with the people delivering a secure product based on the kernel. The kernel is a essentially library, not a product. If someone is assuming they can build a secure product by trusting Linux to be "secure" than they are simply wrong, and no amount of change in the Linux dev process will fix their assumption.
Of course, you want the kernel to be as secure as possible, but you also want many other things from the kernel as well (it should be featureful, it should be backwards compatible with userspace, it should run on as many architectures as needed, it should be fast and efficient, it should be easy to read and maintain etc).