
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys



On 25 May 2006, Luca Capello uttered the following:

> Hello!
>
> On Thu, 25 May 2006 15:39:44 +0200, Henrique de Moraes Holschuh wrote:
>> On Thu, 25 May 2006, Manoj Srivastava wrote:
>>> It has come to my attention that Martin Kraff used an
>>> unofficial, and easily forge-able, identity device at a large key
>> [...]
>>
>> Should you not have *signed* a message of this sort?  I certainly
>> won't do anything until I know for sure it came from you.  And
>> preferably, we need to hear Martin's side as well, before doing
>> anything hasty (like either signing keys, or revoking signatures of
>> keys).
>
> FYI, Martin's explanation is at [1], which passed on Planet Debian.


        Explanation? What we have here is an act of bad faith, in the
 guise of  demonstrating a weakness. In my experience, one act of bad
 faith often leads to others.

        What we have here is cracking the KSP. Cracking a KSP is of no
 big account; they are fragile things to start with.  And then there
 is the brag about the exploit, which is again stereotypical of
 crackers. Cracks are done for bragging rights, and thinly veiled as
 being done for the user's own good (I defaced your web site to show
 you you need better security).

        But cracking the KSP does not earn very many bragging rights. So
 what's next? Cracking the NM by sending in fake candidates? Or
 perhaps cracking the legendary reputation that Debian has for
 solidity by passing in a back door? Now that would be a crack worth
 bragging about.

        manoj
-- 
The chat program is in public domain. This is not the GNU public
license. If it breaks then you get to keep both pieces. (Copyright
notice for the chat program)
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


