[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: keybase.io

+1 russ.

This is true of the dropbox daemon too. Are we to throw out DDs with dropboxd installed? Wine?

On Apr 4, 2014 7:23 PM, "Russ Allbery" <rra@debian.org> wrote:
Gunnar Wolf <gwolf@gwolf.org> writes:

> Urgh...

> Well, please enlighten me here: Without fully auditing the _javascript_
> code you are using to do the crypto client-side, can you *really* be
> certain your private half has not travelled to Keybase?

If _javascript_ running in a browser has access to your GPG secret key
without you explicitly pasting it into the browser, I think you have
larger problems....

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

To UNSUBSCRIBE, email to debian-project-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 87d2gw4r3c.fsf@windlord.stanford.edu" target="_blank">https://lists.debian.org/[🔎] 87d2gw4r3c.fsf@windlord.stanford.edu

Reply to: