Re: The internet is fixated on this 'secret tunnel' type of backdoor idea which is pointless...
> It's too bad you can't run some similar software...you know, have an OS and other programs that
> you can compile yourself and verify if "backdoors" are there or not.
Let's take a minimized Debian netinstall from CDs. Strip out everything and what you've got is 209.7MB of binaries on your hard drive after install.
Now, that's compiled binary code. The actual source that compiled down to the 209.7MB is going to run to more like about 4.2GB or, to put it in terms that actually make sense to a human being, about 4,200,000,000 characters of C++, which, taking an arbitrary 180 characters per line (and whitespace is extra, so I'm ignoring it), will be approximately 52,500,000 lines of code to read through and fully understand the operation of in context to every other line, and obviously a complete encyclopaedic knowledge of the relevant RFCs and, where relevant, cryptographic algorithms, to know whether or not you have a secure system. With no GUI or any userland programs installed.
People talk about how open source is safe because it's open. It's not safe unless you both read and understand it. Relying on somebody else to do that for you is the absolute inherent basic root of insecurity. If you do it yourself, then you can say it's secure, but why should I believe you? Are you infallible?