Jaromil, you can't be serious about the dyne security...
Complaining about security and bragging when dyne.org doesn't generally
force ssl (dyne.org, git.dyne.org, ), and implements plenty of spyware
in the form of google scripts (because their cdn and stats rock so
much). :-P. That spyware is the red carpet for the "statehats", you know
it and it's been known for *ages*.
Regarding the article I think this is a bit of fud..., everyone taking
the opportunity to bash on legitimate efforts.
I'm also wary of how debian has been compromised in the past sometimes
due to stupid mistakes, probably deniable sabotage.
But this holds true to other distros, as well. We're probably being
mostly owned *upstream* where it's more profitable (how many little
things are being found in cryptography packages lately?).
Regarding the latest ssl apocalypse, this is affecting most distros...
freebsd included. And debian squeeze "not affected", we had the
security update readily available as soon as the problem was known.
Anyways what this is telling us is: Don't trust the server, don't trust
the admins, don't trust the coders, audit the code. Extend and reinforce
the webs of trust.
Kisses!!!!!
On 10/04/14 09:00, Jaromil wrote:
> On April 9, 2014 11:23:44 PM CEST, epsylon <epsylon@???> wrote:
>> https://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/
>> _______________________________________________
>> unSYSTEM mailing list: http://unsystem.net
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
> i was at the talk by Paul at fosdem and must say i felt very happy to hear the community is becoming conscious of such dynamics, some of us were considered paranoid when mentioning them in the past.
>
> the web of trust can't hold well when it is so big. imho to preserve the integrity of systems being developed it is better to adopt an artisanal approach with a few people (and tight knit with upstream if it's a distro), rather than let everything pass through a gigantic apparatus of pseudo-democracy that opens to such vulnerabilities as well as favors mediocrity and lobbyist approaches in the long term.
>
> one more reason to go for decentralization!
>
> the little reassurance we can have now here, for those using mutt on debian/ubuntu: the maintainer of the package is one of our crew at dyne and extra attention has been used for its integrity.
>
> for cloud services we'll be going the docker.io way, i recommend giving it a spin and share some repos and receipts maybe.
>
>