On Fri, Apr 04, 2014 at 07:27:36PM -0400, Paul R. Tagliamonte wrote:
> +1 russ.
> This is true of the dropbox daemon too. Are we to throw out DDs with dropboxd
> installed? Wine?
...skype, steam, flashplugin-nonfree[1].

Code git-cloned without checking signatures on tags[2] or doing some
auditing[3].

Random cool vim plugins git pulled from random people on github with
fancy selfies[4].

ssh -X or -Y to a remote host, then run X apps.

I've recently got worried about common practices I see around me, and
started considering running a "Hardening Debian Development" BOF at the
next Debian event I'm going to participate in. The intention would be to
see how to address those issues, but with a strong awareness of
usability[5].

Ciao,
Enrico
[1] for example, https://lists.debian.org/debian-vote/2014/03/msg00246.html
skype and adobe can be trusted of course, it's not as if some random
government wouldn't have motivation and means to tweak with their
code.
[2] As if people nowadays signed their tags. Or tagged releases. Or
released at all. Who needs QA? Code review? The coolest features are
in master, implemented an hour ago.
[3] http://underhanded.xcott.com/
[4] luckily, this is disabled by default, but hell if I found a warning
about it: https://github.com/scrooloose/syntastic/blob/master/syntax_checkers/html/w3.vim
(also found in /usr/share/vim/addons/syntax_checkers/html/w3.vim)
[5] https://www.schneier.com/blog/archives/2009/08/security_vs_usa.html
--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>