Re: Compromising Debian Repositories
On Mon, Aug 05, 2013 at 09:11:21PM +0100, Joe wrote:
I don't think there is a goal, I think we are all ruefully conceding
that the much-vaunted Open Source process is simply unable to deliver
trustworthy code, since the process of compiling the Open Sources
to binary involves using utterly un-auditable binaries, running on
un-auditable processors manufactured by a very small number of
We can also assume that if something is technically possible, perhaps
involving the outright purchase or intimidation of a few hundred humans,
then the largest organised crime syndicates on the planet (a.k.a.
governments) will do it.
Anything humans can make, humans can un-make. Welcome to reality. Is
this something you need to lose a lot of sleep over? No, probably not.
There's what is possible, and then there is what is likely, and we
probably have more practical issues to spend time on.