Re: concrete steps for improving apt downloading security and privacy

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: concrete steps for improving apt downloading security and privacy
From: Darius Jahandarie <djahandarie@gmail.com>
Date: Wed, 9 Jul 2014 23:56:43 -0400
Message-id: <[🔎] CAFANWtVc1URqiCiOBYBpxEDUyWh8Qn0sf_=eSqT3X9bu3U_X_Q@mail.gmail.com>
In-reply-to: <[🔎] efdda2b2-07e0-11e4-bd13-00163eeb5320@msgid.mathom.us>
References: <[🔎] 53B6150A.3000602@at.or.at> <[🔎] CACJnc4hN93PJHuWm_GU-sXASW-65OaDtNJL6jH0gumqbyLsv8Q@mail.gmail.com> <[🔎] 20140710021124.GA27544@mathom.us> <[🔎] CAFANWtWQZfCVNB9OzM1wMccmzytVPjBToT4OM9w+bF9aNPCUQw@mail.gmail.com> <[🔎] 44b71312-07dd-11e4-8a0a-00163eeb5320@msgid.mathom.us> <[🔎] CAFANWtVwpq8qXOJ+yyn_nHpxYmq4HoAZN58Oo5EtCQUZOkeXyQ@mail.gmail.com> <[🔎] efdda2b2-07e0-11e4-bd13-00163eeb5320@msgid.mathom.us>

On Wed, Jul 9, 2014 at 11:23 PM, Michael Stone <mstone@debian.org> wrote:
> I frankly find it hard to believe that someone who is unwilling to click
> past the first link when researching actually cares much about any kind of
> writeup of threat models. I'll make it simple: if you're completely
> unsophisticated and worried about a government hijacking your linux
> distribution to spy on you, there's nothing debian can do to help you. If
> you're low profile and uninteresting, the government doesn't care about you.
> If you're actually being targeted by well funded and sophisticated
> adversaries, they're going to get you unless you put a heck of a lot more
> effort in than clicking on the first link.

Someone who is unwilling to click past the first link /now/ may become
very willing to continue clicking once they read it.

"Debian will not protect you against nation-state adversaries" is a
very useful bit of information for many non-technical activists, which
often leads to the questions:
  * "Why?" (what powers can they use to subvert existing protections?)
  * "What /does/ protect you?" (what new protections need I put in
     place such that those powers cannot subvert them?)
It would be lovely to have the answers nearby.

-- 
Darius Jahandarie

Reply to:

Follow-Ups:
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>

References:
- concrete steps for improving apt downloading security and privacy
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Kitty Cat <realizar.la.paz@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Darius Jahandarie <djahandarie@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Darius Jahandarie <djahandarie@gmail.com>
- Re: concrete steps for improving apt downloading security and privacy
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: concrete steps for improving apt downloading security and privacy
Next by Date: Re: concrete steps for improving apt downloading security and privacy
Previous by thread: Re: concrete steps for improving apt downloading security and privacy
Next by thread: Re: concrete steps for improving apt downloading security and privacy
Index(es):
- Date
- Thread