On 12/23/11 19:10, Simon Josefsson wrote:
> One way to deal with that is to let the probes send in the hash value of their firmware or something similar, which can be used to detect problems like that. And you could prepare "official" reports based only on the probes running "official" firmware.

You want untrusted firmware to send a hash value of itself? How do you know it is not lying?

> I really think this is orthogonal to releasing source code though. If you haven't built in any security mechanism, people can already do what you appear to be afraid of today.

(From a technical point of view) releasing the source is not an issue. The probes come with key material that allows them to connect to the Atlas infrastructure. In theory you can get that out of the probe. But you would violate the agreement as a probe host and it would be quite tricky to do. And you can take over only one probe at a time, which has to be in your physical possession. If we would allow 'third party' probes to connect to the Atlas infrastructure then all of that changes. No need to physically obtain a probe. Just download the source, request a key. And start hacking away.