[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: keybase.io

On Fri, Apr 04, 2014 at 07:27:36PM -0400, Paul R. Tagliamonte wrote:

> +1 russ.
> This is true of the dropbox daemon too. Are we to throw out DDs with dropboxd
> installed? Wine?

...skype, steam, flashplugin-nonfree[1].

Code git-cloned without checking signatures on tags[2] or doing some

Random cool vim plugins git pulled from random people on github with
fancy selfies[4].

ssh -X or -Y to a remote host, then run X apps.

I've recently got worried about common practices I see around me, and
started considering running a "Hardening Debian Development" BOF at the
next Debian event I'm going to participate. The intention would be to
see how to address those issues, but with a strong awareness on



[1] for example, https://lists.debian.org/debian-vote/2014/03/msg00246.html
    skype and adobe can be trusted or course, it's not as if some random
    government wouldn't have motivation and means to tweak with their
[2] As if people nowadays signed their tags. Or tagged releases. Or
    released at all. Who needs QA? Code review? The coolest features are
    in master, implemented an hour ago.
[3] http://underhanded.xcott.com/
[4] luckily, this is disabled by default, but hell if I found a warning
    about it: https://github.com/scrooloose/syntastic/blob/master/syntax_checkers/html/w3.vim
    (also found in /usr/share/vim/addons/syntax_checkers/html/w3.vim)
[5] https://www.schneier.com/blog/archives/2009/08/security_vs_usa.html
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>

Attachment: signature.asc
Description: Digital signature

Reply to: