On Sat, Aug 03, 2013 at 08:46:53PM +1000, Aníbal Monsalve Salazar wrote: > On Sat, Aug 03, 2013 at 12:17:06PM +0200, Volker Birk wrote: > > Not to mention the build tool chains. > It reminds me of Ken Thompson's article Reflections on Trusting Trust. Yes, that's what I'm alluding to. For attacking Debian, being a maintainer of say, binutils or gcc would be best. But hey, there are libtool, autotools-dev, autoconf etc. It would be adequately easy being a maintainer of something in the kernel, of course, whatever it is. What is that telling us? Well, we're all dependent on a web of trust – even if we wouldn't use OpenPGP ;-) And, please, don't let us start with mistrust here. It will lead us into a situation, where we can't work together any more. That is, by the way, the hugest threat I'm seeing with all those NSA spying stuff: they're destroying what our community, they're destroying what society is build on: trust. There is no cooperation without trust, none. And there is none if all power is owned by trusts… Yours, VB. -- pibit AG, Oberer Graben 4, 8400 Winterthur mailto:vb@pibit.ch Mobile +41 (79) 292 88 87
Attachment:
pgp0aZstOV4RG.pgp
Description: PGP signature