Hello, Michael Paoli <michael.paoli@berkeley.edu> wrote on 15/09/2025 at 01:20:23+0200: > "extraordinary claims require extraordinary evidence". > Please point to the evidence. > Both Linux and Tor, OpenSource, > and with source/version control and history, etc. > So if they were compromised at any point, or even > unintentional compromising bugs introduced, one should > well be able to point that out, and when, and the responsible > party that introduced such. > While I'm sure there are entities that would wish to compromise > Linux and/or Tor, actually doing so is quite non-trivial, given all the > eyes on the code, various testing and monitoring, etc. Even when a > bad actor intentionally compromised xz, that was caught in relatively > short order, and long before making it to any Debian stable release or the like. > May want to first look at simpler more probable explanations before presuming > the much less probable. E.g. if you believe you were compromised, were you > compromised via other simpler, easier means, e.g. somehow otherwise leaking > your information/data - such as a compromised Tor entry relay, or many > other possible > means, which would be a much simpler and easier attack/compromise > than what you claim. There are many other possibilities, > but that's just one that's far simpler and easier than what you're claiming. > > So, if you claim compromise of the code, point to the actual evidence, > where exactly > in the code is the compromise? Otherwise you're making quite > extraordinary claims, > without the corresponding evidence to back those claims. > > And you're claiming both were compromised? Really. Sounds like > conspiracy fodder without backing evidence. I see these kind of mails as wasteful in terms of resources, I'd suggest not to engage. Bests, -- PEB
Attachment:
signature.asc
Description: PGP signature