In the past years a spend a lot of time analyzing the live-bootstrap project. Just this year there was an almost succesfull attempt to get a back-door in ssh which if succesful would have opened all Linux installations. Hackers with evil intentions and government spy organisations have an interest in getting back-doors into Linux. Another pathway is through a modified ‘binary’ of a compiler that, for example, inserts a similar back-door into ssh. During the presentation, I want to talk about the risk of back-doors, why live-bootstrap is relevant, how it works, and what I have found along the route.