Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #53878

Re: Can I trust downloading Python?

Subject Re: Can I trust downloading Python?
From William Ray Wing <wrw@mac.com>
Date 2013-09-09 12:40 -0400
References (3 earlier) <XsSdnZfDdPBCPbHPnZ2dnUVZ_vidnZ2d@earthlink.com> <mailman.156.1378658357.5461.python-list@python.org> <522d97e1$0$29893$c3e8da3$5496439d@news.astraweb.com> <522DAABA.6040307@gmail.com> <522DF5FA.5090202@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.185.1378744855.5461.python-list@python.org> (permalink)

Show all headers | View raw

On Sep 9, 2013, at 12:23 PM, Michael Torrie <torriem@gmail.com> wrote:

> On 09/09/2013 05:02 AM, Anthony Papillion wrote:
>> But (and this is stepping into *really* paranoid territory here. But
>> maybe not beyond the realm of possibility) it would not be so hard to
>> compromise compilers at the chip level. If the NSA were to strike an
>> agreement with, say, Intel so that every time a compiler ran on the
>> system, secret code was discreetly inserted into the binary, it would be
>> nearly impossible to detect and a very elegant solution to a tough problem.
> 
> Indeed it is really paranoid territory, but now doesn't seem quite as
> far fetched as one originally thought a few years ago!  We'll still
> trust (we have to; we have no other choice), but the level of trust in
> computers in general has certainly gone down a notch and will never
> quite be the same.
> 
> 
> -- 
> https://mail.python.org/mailman/listinfo/python-list

I think that is pretty far fetched.  It requires recognition that a compiler is being compiled.  I'd be REALLY surprised if there were a unique sequence of hardware instructions that was common across every possible compiler (current and future) and which wouldn't (couldn't) exist in arbitrary non-compiller execution, which could be used to trigger insertion of a backdoor.

-Bill

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-07 21:04 -0600
  Re: Can I trust downloading Python? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-09-08 12:32 +0000
    Re: Can I trust downloading Python? "Charles Hottel" <chottel@earthlink.net> - 2013-09-08 12:08 -0400
      Re: Can I trust downloading Python? Chris Angelico <rosuav@gmail.com> - 2013-09-09 02:39 +1000
        Re: Can I trust downloading Python? Steven D'Aprano <steve@pearwood.info> - 2013-09-09 09:41 +0000
          Re: Can I trust downloading Python? Anthony Papillion <papillion@gmail.com> - 2013-09-09 06:02 -0500
          Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-09 10:23 -0600
          Re: Can I trust downloading Python? William Ray Wing <wrw@mac.com> - 2013-09-09 12:40 -0400
          Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-09 10:44 -0600

csiph-web