On Sun, Jan 14, 2024 at 08:37:30PM +0000, Luca Boccassi wrote: > Most definitely wrong. If your threat model is "hardware vendor will > spend hundreds of millions of dollars to get at me" then your cpu > vendor, memory controller vendor, etc etc can do that too, so you > better not use this nor any other type of hardware acceleration, ever. huh, if there's a bug in the firmware to accidently store the encryption key on the drive in plaintext, it doesn't cost anything extra. > The good news is, if you are writing on a Debian bug tracker then you > are not even remotely interesting enough for any hardware manufacturer > to spend even a tiny fraction of that, so it's all good. huh. the Snowden papers explicitly showed that sysadmins and developers are being targeted, to go after "the real targets". I originally didn't want to comment on this bug further, as I am ok with the current wording but saying that people contributing to Debian are "not even remotely interesting" is just wrong. (And the other framing about contributors with maybe minor contributions is also rather wrong, but for other reasons.) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ These heat waves aren’t tragedies, they’re crimes. The fossil fuel industry knew decades ago that this is what their pollution was causing, so they spent billions to lie to the public and block climate action.
Attachment:
signature.asc
Description: PGP signature