Re: SSL for debian.org/security?

To: debian-security@lists.debian.org
Subject: Re: SSL for debian.org/security?
From: adrelanos <adrelanos@riseup.net>
Date: Tue, 29 Oct 2013 10:05:59 +0000
Message-id: <[🔎] 526F8887.9040403@riseup.net>
In-reply-to: <[🔎] 526F855D.1080507@gmail.com>
References: <[🔎] CAAy1gkeUt_jr0uDt0B=HdnAZnmmHDqygrwgYg4dU7X9zjVUrSA@mail.gmail.com> <[🔎] 526F7FDF.7030601@tightwax.com> <[🔎] CAM5XQnxCxogD4JMaqyS27zzsorFZ-G8Dsa_71sABGFQHChmrag@mail.gmail.com> <[🔎] 526F855D.1080507@gmail.com>

Tormen:
> On 29/10/13 10:44, Jordon Bedwell wrote:
>> On Tue, Oct 29, 2013 at 4:29 AM, Nikolay Kubarelov <niko@tightwax.com> wrote:
>>> I would use Tor hidden service instead of SSL.
>> Wait: What? Can't tell if serious.
> And then again:
> http://yro.slashdot.org/story/13/08/04/2054208/half-of-tor-sites-compromised-including-tormail
> ^^

That is a totally unrelated story. No argument against hidden services
at all.

- They took down a hidden service host violating laws -> not of concern
for Debian, since not violating laws.

- They didn't break Tor hidden services, they broke the server software
of someone who allowed anyone to run arbitrary php scripts.

- Only one hidden service which provides free hidden hosting to others
was taken down. Anyone hosting it's own hidden service was unaffected.

Reply to:

References:
- SSL for debian.org/security?
  - From: Mark Haase <mark.haase@lunarline.com>
- Re: SSL for debian.org/security?
  - From: Nikolay Kubarelov <niko@tightwax.com>
- Re: SSL for debian.org/security?
  - From: Jordon Bedwell <jordon@envygeeks.com>
- Re: SSL for debian.org/security?
  - From: Tormen <my.nl.abos@gmail.com>

Prev by Date: Re: SSL for debian.org/security?
Next by Date: Re: SSL for debian.org/security?
Previous by thread: Re: SSL for debian.org/security?
Next by thread: Re: SSL for debian.org/security?
Index(es):
- Date
- Thread