> The solution of course is as you urged takethe...@gmx.de , to get a > free operating system such as Linux or BSD, complete with free > build tools & compile your own (even non programmers can do that, > eg on an OS downloaded from http://www.freebsd.org Compiling your own fixes the issue of the sources not corresponding to binaries. (well possibly there is a hole you compile with a compromised binary)
But i think people are _correct_ in thinking that it is too much work? Package managers currently rather often sign the packages, the delivery part has a measure of security, at least. Cant package managers like apt come with easy to tools to check that the binary corresponds to the sources so people can easily do so? Perhaps a standard place to vouch for the fact that you did check some package would be a nice thing aswel. gitian.org might be a good start. This way of improving security might reach more people for the same or less work. (However PKGBUILDs on pacman AUR have not always been co-operative, not everything may compile easily, and if you tweak something to make it work, a difference in compiled result might hinge on that) As others noted, endpoints are too often insecure. Arent computers getting much cheaper now, as shown by say, the raspberry pi? It seems to me that it is time to start running highly-security oriented operating systems on cheap computers. Those would then just be used for message sending, signing documents, basic browsing..(Is there a pdf tool for extra security.) If it is not a persons main computer, restricting what it is used for is simply not an inconvenient nearly as much. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
