  • The important difference, though, is that Apple offer a service and release software that are black boxes that users and other interested parties cannot examine for backdoors and other issues.

    Canonical release open source software, the vast majority of it actually put together by other parties (like volunteer Debian packagers) and whose checksums are verified, which the FLOSS community can go through with a fine-tooth comb.

    On a further note, while the Investigatory Powers Act and what the govt have been doing with it are very concerning, the very fact that we know about the Apple case and the recent XZ Utils backdoor have demonstrated/reminded us that large, well-funded, well-lawyered orgs in their jurisdiction are not the easiest target for intel agencies.

    The true low-hanging fruit, the weakest links in the chain are small, understaffed, underresourced, underappreciated but crucial volunteer projects.

    A. How many packages are there in a major Linux distro like openSUSE? Thousands? Tens of thousands?

    B. How many developers contribute to those programs and utilities?

    C. How many people package those programs and utilities?

    D. How many people approve those packages for inclusion in the distro?

    Add up A, B, C & D, and I suspect you end up with a very large number of people. Can openSUSE (or any distro for that matter) guarantee that just because their distro’s HQ is in country X, that not one of those people is subject to the laws, pressures or inducements of country Y? E.g. how many packages in openSUSE have some kind of involvement of someone in the UK subject to Investigatory Powers Act? It’s probably greater than zero.

    So while there are benefits to the distro’s HQ being in Germany, I don’t think it’s a guarantee.

    /TED talk