Refresher on gcc port and the executables

Lawrence Velázquez larryv at macports.org
Sun Sep 8 00:04:00 PDT 2013


On Sep 8, 2013, at 1:56 AM, Tabitha McNerney <tabithamc at gmail.com> wrote:

> Therefore, in light of the very recent leaks, such as the NSA sitting on
> encryption standards committees (NIST, etc.) and intentionally contributing
> suggestions to help create workarounds for their own benefit, and in light
> of the NSA working with vendors (per Bruce's excerpt aforementioned and
> cited), I have to say my boss is looking pretty smart these days and I can
> not help but wonder if Apple's developer tools, which MacPorts depends on,
> could have backdoors planted in them for the NSA.

Has it occurred to your boss that you are using a commercial, mostly-closed-source operating system developed by the same company? Why haven't you all migrated to a Linux distribution or a BSD? If you do not trust Apple enough to use their compilers, it is logically absurd to continue using Apple's operating system on Apple's computers.

> I would suggest the MacPorts community should think about this and evaluate
> what options we may have should we want to wean ourselves off of the Apple
> developer tools.

If we ever do switch to our own toolchain, it will not be because of this type of security concern.

> Could a trojan in Apple's compilers propagate into other tools made and compiled
> for MacPorts?


Probably.

vq


More information about the macports-users mailing list