On Fri, Apr 04, 2014 at 07:27:36PM -0400, Paul R. Tagliamonte wrote:
> +1 russ.
> This is true of the dropbox daemon too. Are we to throw out DDs with dropboxd
> installed? Wine?

...skype, steam, flashplugin-nonfree[1]. Code git-cloned without checking signatures on tags[2] or doing some auditing[3]. Random cool vim plugins git pulled from random people on github with fancy selfies[4]. ssh -X or -Y to a remote host, then run X apps.

I've recently got worried about common practices I see around me, and started considering running a "Hardening Debian Development" BOF at the next Debian event I'm going to participate in. The intention would be to see how to address those issues, but with a strong awareness on usability[5].

Ciao,

Enrico

[1] for example, https://lists.debian.org/debian-vote/2014/03/msg00246.html
    skype and adobe can be trusted of course, it's not as if some random government wouldn't have motivation and means to tweak with their code.
[2] As if people nowadays signed their tags. Or tagged releases. Or released at all. Who needs QA? Code review? The coolest features are in master, implemented an hour ago.
[3] http://underhanded.xcott.com/
[4] luckily, this is disabled by default, but hell if I found a warning about it:
    https://github.com/scrooloose/syntastic/blob/master/syntax_checkers/html/w3.vim
    (also found in /usr/share/vim/addons/syntax_checkers/html/w3.vim)
[5] https://www.schneier.com/blog/archives/2009/08/security_vs_usa.html

--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enr...@enricozini.org>