this post was submitted on 07 Jan 2025

622 points (96.8% liked)

linuxmemes

22763 readers

617 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

Instance-wide TOS: https://legal.lemmy.world/tos/
Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html

2. Be civil

Understand the difference between a joke and an insult.

Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".

Don't get baited into back-and-forth insults. We are not animals.

Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.

Bigotry will not be tolerated.

These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.

3. Post Linux-related content

Including Unix and BSD.

Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.

No porn. Even if you watch it on a Linux machine.

4. No recent reposts

Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.

5. 🇬🇧 Language/язык/Sprache

This is primarily an English-speaking community. 🇬🇧🇦🇺🇺🇸

Comments written in other languages are allowed.

The substance of a post should be comprehensible for people who only speak English.

Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.

Please report posts and comments that break these rules!

Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

founded 2 years ago

MODERATORS

[email protected]

622

Kinda sus... (lemmy.world)

submitted 1 month ago by [email protected] to c/[email protected]

74 comments fedilink hide all child comments

The NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000.[6] The software was merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Red Hat, Network Associates, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions.

https://en.wikipedia.org/wiki/Security-Enhanced_Linux

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 15 points 1 month ago (2 children)

Wasn't Signal messenger also funded by the NSA+DARPA? And TOR too?

Anti Commercial-AI license

[–] [email protected] 13 points 1 month ago* (last edited 1 month ago) (2 children)

Signal is weird about actually allowing others to reproduce the APK builds.

Specifically, they are the kind of weird about it that one would expect if the Signal client app had an NSA back-door injected at build time.

This doesn't prove anything. It just stands next to anything and waggles it's eyebrows meaningfully.

[–] [email protected] 8 points 1 month ago (1 children)

Do you have more recent information by Signal on the topic? The GitHub issue you linked is actually concerned with publicly hosting APKs. They also seem to have been offering reproducible builds for a good while, though it's currently broken according to a recent issue.

[–] [email protected] 5 points 1 month ago* (last edited 1 month ago)

I had a hard time choosing a link. Searching GitHub for "F-Droid" reveals a long convoluted back-and-forth about meeting F-Droid's requirements for reproducible builds. Signal is not, as of earlier today, listed on F-Droid.

F-Droid's reproducibility rules are meant to cut out the kind of shenanigans that would be necessary to hide a back door in the binaries.

Again, this isn't proof. But it's beyond fishy for an open source security tool.

Edit: And Signal's official statements on the topic are always reasonable - but kind of bullshit.

Reasonable in that I alwould absolutely accept that answer, if it were the first time that Signal rejected a contribution to add it to F-Droid.

Bullshit in that it's been a long time, lots of folks have volunteered to help, and Signal still isn't available on F-Droid.

[–] [email protected] 5 points 1 month ago

no. and tor was originally funded by the navy…
….