Re: Compromising Debian Repositories

To: debian-security@lists.debian.org
Subject: Re: Compromising Debian Repositories
From: Michael Stone <mstone@debian.org>
Date: Tue, 6 Aug 2013 06:47:37 -0400
Message-id: <[🔎] 490c356c-fe85-11e2-a8fa-001cc0cda50c@msgid.mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20130805211121.4c397073@jretrading.com>
References: <[🔎] 51FCDDAA.3080208@riseup.net> <[🔎] 20130803112956.GA5775@dingens.org> <[🔎] 51FDC4C1.7050307@riseup.net> <[🔎] 85li4hx5b0.fsf@boum.org> <[🔎] 51FE0CF8.9090702@stranner.org> <[🔎] b31dba54-fd0c-11e2-a173-001cc0cda50c@msgid.mathom.us> <[🔎] CAKhc=u4DAm-UeMqpb5ow2kr37Wpr9ZmUAPpo1AuJwCZj7hPLdA@mail.gmail.com> <[🔎] 51FEC685.3020803@riseup.net> <[🔎] 85k3k0tuv2.fsf@boum.org> <[🔎] 20130805211121.4c397073@jretrading.com>

On Mon, Aug 05, 2013 at 09:11:21PM +0100, Joe wrote:

I don't think there is a goal, I think we are all ruefully conceding
that the much-vaunted Open Source process is simply unable to deliver
trustworthy code, since the process of compiling the Open Sources
to binary involves using utterly un-auditable binaries, running on
un-auditable processors manufactured by a very small number of
companies.

We can also assume that if something is technically possible, perhaps
involving the outright purchase or intimidation of a few hundred humans,
then the largest organised crime syndicates on the planet (a.k.a.
governments) will do it.

Anything humans can make, humans can un-make. Welcome to reality. Isthis something you need to lose a lot of sleep over? No, probably not.There's what is possible, and then there is what is likely, and weprobably have more practical issues to spend time on.


Mike Stone

Reply to:

References:
- Re: Compromising Debian Repositories
  - From: adrelanos <adrelanos@riseup.net>
- Re: Compromising Debian Repositories
  - From: Volker Birk <vb@pibit.ch>
- Re: Compromising Debian Repositories
  - From: adrelanos <adrelanos@riseup.net>
- Re: Compromising Debian Repositories
  - From: intrigeri <intrigeri@debian.org>
- Re: Compromising Debian Repositories
  - From: Heimo Stranner <heimo@stranner.org>
- Re: Compromising Debian Repositories
  - From: Michael Stone <mstone@debian.org>
- Re: Compromising Debian Repositories
  - From: Daniel Sousa <daniel@sousa.me>
- Re: Compromising Debian Repositories
  - From: adrelanos <adrelanos@riseup.net>
- Re: Compromising Debian Repositories
  - From: intrigeri <intrigeri@debian.org>
- Re: Compromising Debian Repositories
  - From: Joe <joe@jretrading.com>

Prev by Date: Re: Compromising Debian Repositories
Next by Date: Re: Compromising Debian Repositories
Previous by thread: Re: Compromising Debian Repositories
Next by thread: Re: Compromising Debian Repositories
Index(es):
- Date
- Thread