Re: Preventing government subversion in Debian, verification of binary package uploads

To: debian-devel@lists.debian.org
Subject: Re: Preventing government subversion in Debian, verification of binary package uploads
From: Russ Allbery <rra@debian.org>
Date: Sat, 24 Aug 2013 14:58:29 -0700
Message-id: <[🔎] 87txieu4xm.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 52192992.6070605@gmail.com> (Thomas Hood's message of "Sat, 24 Aug 2013 23:45:54 +0200")
References: <[🔎] 52192992.6070605@gmail.com>

Thomas Hood <jdthood@gmail.com> writes:

> If a Debian contributor were faced with a demand to do something that
> undermines the privacy or other interests of Debian users then I would
> hope and expect that the contributor would choose instead to cease being
> a contributor. Were he not to do so then he would have to be regarded as
> an infiltrator.

> Here I assume that U.S. law is not so draconian that it can require
> someone who has contributed to Debian (and who is therefore trusted) to
> continue doing so.

I believe that assumption is not correct based on previous things that
have happened with National Security Letters from the small amount of
public information that people have been able to gather.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Preventing government subversion in Debian, verification of binary package uploads
  - From: Philip Ashmore <contact@philipashmore.com>

References:
- Re: Preventing government subversion in Debian, verification of binary package uploads
  - From: Thomas Hood <jdthood@gmail.com>

Prev by Date: Re: Preventing government subversion in Debian, verification of binary package uploads
Next by Date: Re: Preventing government subversion in Debian, verification of binary package uploads
Previous by thread: Re: Preventing government subversion in Debian, verification of binary package uploads
Next by thread: Re: Preventing government subversion in Debian, verification of binary package uploads
Index(es):
- Date
- Thread