[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Aw: Re: Re: Unit 193: Declaration of intent

NSA doesn't use 0day I heard, only the kiddies got that as homepage ;-)
 
 
and they're below legal hire age...
 
now I should probably secure my systems.... ah
 
who got security updates on these days... if you can save an upgrade or two, you save yourself time
 
 
well nicknames could work too...
i admit i may have been quick with saying it can't work... and i did allow for other possibilities in the end
not sure if it is just a fake request or real... dont know the guy
 
but it seems much developing is on irc etc., and people do stuff on irc and stuff, with nicknames and stuff
and the person may actually be named unit193 for real, having adopted an irc name and all
in which case it would be impolite to refuse him/her their name
 
security is an illusion after all
so why do we use it.... i wonder sometimes
 
i was thinking of only using rs232 on my servers... then i could hunt down people
but nsa would just pick up my servers*
 
that makes me mad
 
 
** assuming i did something wrong, but i never did anything wrong
 
 
there is nothing inherently insecure about nicknames
and nicknames are more irc friendly etc.
may get more newcomers into project easier....
 
i suppose it's easy to beleive in security by obscurity.... that if we have a real name, and people really know the person, that we can trust...
 
but might still be fake people signing each other's keys for years, at a fake company
 
Gesendet: Mittwoch, 13. Juli 2016 um 14:44 Uhr
Von: "Paul Tagliamonte" <paultag@debian.org>
An: debian-newmaint@lists.debian.org
Cc: debian-newmaint <debian-newmaint@lists.debian.org>
Betreff: Re: Re: Unit 193: Declaration of intent

(I should say my views are not that of the US Federal Government, only mine and mine alone, and I did not mean to imply the NSA would kidnap anyone or do anything illegal under US Law)

USA #1,
  Paul

On Jul 13, 2016 8:33 AM, "Paul Tagliamonte" <paultag@debian.org> wrote:
On Wed, Jul 13, 2016 at 12:53:28PM +0200, Michael Ole Olsen wrote:
> If you cannot stand behind your work with your real name, you should not be in Debian IMO
>
> I'm already starting becoming paranoid with the many new uploaders, debian has gotten large by now.

No. No no no no no no no no no. Everything about this, no. No.


Trust me, nation state actors wouldn't be coming in as "Foo123", they'd
be coming in with a tight identity, with *A REAL* issued ID.

All the big countries have had spies in other countries for years, and I
find it 100% laughable that you think a name will foil them.

Foiled again! Can't find a passable fake passport!


If countries who want to get in have datacenters the size of NSA's, and
spycraft established from years of fooling border guards trained to find
fakes are your threat model, you're boned anyway.

You think a border guard can't spot a fake, what makes you think some DD
will before signing a key? (protip: they won't). Or that the inbox is
secured from a national security letter (protip: they're not).

I've known Unit's work from our Ubuntu years, and not only is it better
than the majority of people complaining about their uid string, but Unit
has done it under the same alias. I trust Unit's work.

I don't know how I'd sign their key, but I'd be willing to.


This entire thread is a shame.


I strongly invite everyone to think about their attack vector and
reconsider their point of view. Because trust me, the NSA isn't coming
in as Unit, they're comming in after pwning paultag or some DD on VAC.
Or by extoring a DD who's been gone from the project for 10 years and
has their family kidnapped and the ransom is to run a 0day on a Debian
machine.


I'll +1 Unit's DM application. I sponsored a few packages and I trust his
work.

Cheers,
  Paul
Reply to: