
Re: Potential Summary: Keysigning in times of COVID-19



On Thu, Aug 13, 2020 at 02:59:59AM +0200, Ángel wrote:
> as there would be an external motivation to do that which is financing
> such activity. Please note that by 'company' I am not meaning just
> business entities, but also three letter agencies, nation states,
> malicious hacker groups, mafia...
> Even ignoring the (likely) ability of such groups to get a passport
> under a name different than the one given at birth to an individual,
> it seems they would have little trouble to produce a new identity to
> present to Debian. I assume they would probably only have a few people
> on payroll with the required expertise tasked to infiltrate into the
> project, *however* it would be very easy to let them assume online the
> identity of any other employee (such as a non-technical receptionist),
> which would be plenty if compared to the number of "ghosthacker
> developers".

I don't get where people get the feeling that producing a passport would
require a TLA/nation state/organized crime/etc.  You can get one for
peanuts.

I've been offered one once, and I inquired about the details -- for just
~$25 (100PLN) the guy claimed it's done on original booklet, etc.  That's
stuff for fooling actual government officials.  No need to sacrifice that
whole $25 to get a fake for Debian purposes, though -- no one among us can
tell apart one booklet/card with a badly-made photo from another.

Waving a passport or similar id offers laughable security.


Meow.
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ It's time to migrate your Imaginary Protocol from version 4i to 6i.
⠈⠳⣄⠀⠀⠀⠀

