On Friday, Roy Schestowitz posted an article on Techrights which seems to accuse Red Hat of being in cahoots with the NSA. According to the article, the company has been building back doors into RHEL for the spy agency. However, the article appears to be long on accusations and short on proof.
I like both Techrights and Schestowitz. Both are controversial and that’s part of what I like about them. However, before making accusations it’s nice to have at least a few facts to back them up.
The article attempts to make the case for using CentOS over RHEL. Indeed, many of us who’re short on bucks and can’t afford Red Hat’s expensive support subscriptions are already using CentOS in server environments. We use it here at FOSS Force to serve web pages. Why? Because not only does CentOS have an extremely capable development team, the distro is in most ways a clone of Red Hat, which means the CentOS development team is able to leverage Red Hat’s research and development and incorporate it into their distro.
“We trust CentOS, whereas trusting Red Hat is hard. RHEL is binary and based on news from half a decade ago, the NSA is said to be involved in the building process, as well as SUSE’s, whereas CentOS is built from source (publicly visible). Microsoft and the NSA do the same thing with Windows and it’s now confirmed that Windows has NSA backdoors.”
Have you ever compiled a distro from source? Me neither. However, as far as I can tell, the source code for all versions of RHEL is available on the Red Hat website. While it’s true that Red Hat isn’t as transparent as they once were with patches, this was brought about by Oracle’s attempts to steal their business. They’ve been very careful, however, to remain compliant with the terms of the GPL.
Note that Schestowitz says “the NSA is said to be involved in the building process…” Said by whom? No link or explanation is offered. It’s true that Red Hat offers a version of the SELinux kernel, which was developed in part by the NSA, but that doesn’t mean they’re colluding with the spy agency.
“RHEL and its derivatives continue to be deployed in many large networks of systems, so it’s clear why the NSA would drool over the possibility of back doors in RHEL. Watch out for that. Given the way NSA infiltrated standards bodies and other institutions, it’s not impossible that there are even moles at Red Hat or Fedora.”
Just as there could be moles within any business organization.
Is Red Hat secretly working with the NSA to build back doors into their products? I don’t think so. As far as I can tell, the company is the best of breed when it comes to big business and Linux. The company seems to be a very good open source citizen.
However, if they are up to dirty tricks, I want to know about it. But show me some facts. Don’t just make unfounded accusations.