Re: Transparency into private keys of Debian

To: fungi@yuggoth.org
Cc: debian-devel@lists.debian.org
Subject: Re: Transparency into private keys of Debian
From: Hans-Christoph Steiner <hans@at.or.at>
Date: Thu, 8 Feb 2024 23:44:21 +0100
Message-id: <[🔎] b29f0170-b58c-4592-a02c-be10aaeb92d1@at.or.at>
In-reply-to: <[🔎] 20240206162232.pahn2kc7x4mlzm3p@yuggoth.org>
References: <[🔎] 20240206162232.pahn2kc7x4mlzm3p@yuggoth.org>


> In business, such things are confirmed (often badly) by independent
> audit. For a volunteer-driven community effort, we have to rely on
> everyone to exercise their best judgement in these sorts of matters.

Debian could also get independent, professional audits. I think it would be agood use of the Debian pot of money, for example. Or someone could submit aproposal to get Debian audited. I'll be either Open Tech Fund or NLnet would do it:


https://www.opentech.fund/labs/red-team-lab/

Open Tech Fund already funds Tails, which is based on Debian.

.hc

Reply to:

Follow-Ups:
- Re: Transparency into private keys of Debian
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Transparency into private keys of Debian
  - From: Simon Josefsson <simon@josefsson.org>

References:
- Re: Transparency into private keys of Debian
  - From: Jeremy Stanley <fungi@yuggoth.org>

Prev by Date: Bug#1063496: ITP: golang-github-rluisr-mysqlrouter-go -- Go client for MySQL router
Next by Date: Re: Transparency into private keys of Debian
Previous by thread: Re: Transparency into private keys of Debian
Next by thread: Re: Transparency into private keys of Debian
Index(es):
- Date
- Thread