Re: Debian dev-machine best practice? was: keybase.io

On Fri, 2014-04-25 at 11:07 +0200, Thomas Koch wrote:
> Hi,
> I'm planning to improve my paranoia once I become a DD. For now I run Debian 
> stable + backports exclusively on the machine having my private key. 
> Everything else runs in a virtual machine with xpra[1] for X. I don't use 
> Skype.
> [1] xpra package in Debian
> I'm longing for Linux containers to become usable for noobs like me. Then I 
> could move untrusted applications from virtual machines into unprivileged 
> containers (running without root privileges).
> I was about to automate my setup of kvm+xpra when I learned more about 
> containers and now consider this the best compromise if you don't use a 
> separate offline machine to sign packages.
> What do you think?

I think there are too many local privilege escalation vulnerabilities in
Linux to rely solely on containers as a sandbox mechanism.


Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein

Attachment: signature.asc
Description: This is a digitally signed message part