[Cryptography] Security clearances and FOSS encryption?

[Rick Smith, Cryptosmith]

> Date: Fri, 11 Jul 2014 11:41:10 +0100
> From: ianG <iang at iang.org>
> 
> On 8/07/2014 17:27 pm, Rick Smith, Cryptosmith wrote:
>> It should be clear by now from the conversation that holding a security clearance doesn't in general qualify or disqualify someone from working on FOSS.
> 
> I would say, unless your FLOSS project is specifically a target, this is
> probably true.

Could you explain why you say this?

>> ... If someone intentionally subverts a FOSS project as their job representing an intelligence agency, then the agent isn't going to be bragging about security clearances. At least, a competent agent won't.
> 
> Right.  In at least one case I saw, the agent tried to keep the
> relationship a secret, citing privacy concerns.  This was intentional.

Of course.

Do FOSS projects only admit participants whose identities can be verified? Or can they be vouched by previously trusted participants? (Transitivity again). 

Should we argue that people who keep elements of their life private shouldn't be trusted to participate in FOSS projects?

>> In any case, it comes down to a single solution - assurance through multi-person control. Teamwork for system maintenance, teamwork for code review, teamwork for everything. Human error and incompetence are bigger risks, and we can reduce the risks with the same mechanism.
> 
> 
> Yup, it comes down to modifying your existing systems to cope with a
> novel attack vector, more or less.  If they don't already cope with the
> approximate attack then that's likely because you don't care.

Is source code subversion a "novel attack vector" for FOSS projects? I thought it was a generally recognized one for all software development today. I acknowledge that there are novel ways to subvert crypto. It might be easier to do and harder to detect.

Rick.