>>>>> "Christian" == Christian Storch <storch@infra.net> writes: Christian> So I'm thinking about establishing an own small debian Christian> archive out of self recompiled packages as ong as there is no Christian> secure solution of authenticating packages! Just make sure that the sources are signed and/or you read through every line. And don't forget to build your compiler from scratch in binary, or else your compiler could have been cracked to insert a backdoor into SSH without your knowledge. Writing the compiler in assembly isn't enough, because the assembler could be compromised too. (Or maybe you would be better off just manipulating your hard-drive by hand with an x-acto knife and duct tape...) And do you trust that Intel/AMD/Motorola/etc hasn't been infiltrated by the FBI, and are recording all your system activity? Oh my goodness! I just realized that "reality" is just a computer program that taps right into my brain. Everything's just an illusion, and the TLAs can read my thoughts! Aaaaah! ... Aah, paranoid delusions are so much fun. P.S. This message is GPG signed, so that you can verify that I did indeed write it. Or can you really ... ? -- Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
Attachment:
pgp0v45BL1oJn.pgp
Description: PGP signature