Re: concrete steps for improving apt downloading security and privacy
On Wed, Jul 9, 2014 at 10:53 PM, Michael Stone <email@example.com> wrote:
> On Wed, Jul 09, 2014 at 10:15:59PM -0400, Darius Jahandarie wrote:
>> It would be nice for this information to be somewhere more formal than
>> in mailing list archives. Threat models are becoming increasingly
>> important to convey to end users.
> The mailing list discussion referenced the sources...
What I mean by "more formal" can be approximated by "discoverable by
searching 'debian security' on Google and clicking on the first link".
If Tux Q. Debiannewbie doesn't know what adversaries with what powers
they are/aren't protected against for their use cases without looking
hard and being a security expert, it's hard to make serious claims
that Debian is actually protecting its users.
(Halting the endless discussion loops on debian-security@ is just a
nice side effect of fixing the actual problem.)