Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!eweka.nl!lightspeed.eweka.nl!194.109.133.86.MISMATCH!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <torriem+gmail@torriefamily.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.095
X-Spam-Evidence: '*H*': 0.81; '*S*': 0.00; 'subject:Python': 0.06; 'compiler': 0.07; 'insertion': 0.09; 'cc:addr:python-list': 0.11; "wouldn't": 0.14; 'from:addr:torriem': 0.16; 'from:name:michael torrie': 0.16; 'nsa': 0.16; 'wing': 0.16; 'wrote:': 0.18; 'things.': 0.19; 'cc:addr:python.org': 0.22; 'header:User- Agent:1': 0.23; 'cc:2**0': 0.24; 'cc:no real name:2**0': 0.24; 'source': 0.25; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'points': 0.29; 'agreed.': 0.31; 'ray': 0.31; 'open': 0.33; "i'd": 0.34; 'could': 0.34; 'common': 0.35; 'there': 0.35; 'really': 0.36; 'sequence': 0.36; 'done': 0.36; 'possible': 0.36; 'subject:?': 0.36; 'being': 0.38; 'message-id:@gmail.com': 0.38; 'received:org': 0.40; 'algorithms': 0.60; 'subject:Can': 0.60; 'most': 0.60; 'free': 0.61; 'hardware': 0.61; 'companies': 0.62; 'such': 0.63; 'skip:n 10': 0.64; 'more': 0.64; 'social': 0.69; 'william': 0.81; 'recognition': 0.84; 'resistant': 0.84; 'execution,': 0.91; 'to:none': 0.92
X-Virus-Scanned: amavisd-new at torriefamily.org
Date: Mon, 09 Sep 2013 10:44:33 -0600
From: Michael Torrie <torriem@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20130105 Thunderbird/10.0.12
MIME-Version: 1.0
CC: python-list@python.org
Subject: Re: Can I trust downloading Python?
References: <CAOO2PexT3XagV4u7ScDiZgifZjzapt9cem9W+3Bag1CBrsnMpA@mail.gmail.com> <mailman.150.1378609508.5461.python-list@python.org> <522c6e4e$0$29988$c3e8da3$5496439d@news.astraweb.com> <XsSdnZfDdPBCPbHPnZ2dnUVZ_vidnZ2d@earthlink.com> <mailman.156.1378658357.5461.python-list@python.org> <522d97e1$0$29893$c3e8da3$5496439d@news.astraweb.com> <522DAABA.6040307@gmail.com> <522DF5FA.5090202@gmail.com> <23C93617-F6EC-422F-B8B3-BA97F60D3321@mac.com>
In-Reply-To: <23C93617-F6EC-422F-B8B3-BA97F60D3321@mac.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.186.1378745080.5461.python-list@python.org>
Lines: 13
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1378745080 news.xs4all.nl 15976 [2001:888:2000:d::a6]:57462
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:53879

On 09/09/2013 10:40 AM, William Ray Wing wrote:
> I think that is pretty far fetched.  It requires recognition that a
> compiler is being compiled.  I'd be REALLY surprised if there were a
> unique sequence of hardware instructions that was common across every
> possible compiler (current and future) and which wouldn't (couldn't)
> exist in arbitrary non-compiller execution, which could be used to
> trigger insertion of a backdoor.

Agreed.  Most of the damage done by the NSA is in the realm of social
engineering more than technical.  IE they compromise companies more than
the algorithms themselves.  The end points always are the weak things.
And yes, Free software that is open source is more resistant to such
tampering.