Reply to post: Re: But why are they inspecting the source code?

You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you

Anonymous Coward
Anonymous Coward

Re: But why are they inspecting the source code?

It *should* be, the checksum of the firmware applied should match one compiled from the inspected source tree.

Except, from what I know of this process being followed for various vendor's sources, it could be a mess of dependencies and fudges, so arriving at a matching checksum to the supplied firmwares would be a very expensive and fraught exercise by which time the firmware version supported would be several releases ahead and carry important security fixes*. And the amount of people this source would be disclosed to is very very small and could be suggested to have been undertaken simply as a box ticking exercise on a requirement.

*you know, those security fixes for bugs that for eg Huawei have never had, because they keep all their customers under NDA as part of the pricing contract.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019