Hi Peter, as your message hasn't reached the list inspite of being addressed to it, I resend it.
Thanks Stephan -------- Weitergeleitete Nachricht -------- Betreff: Re: German ct magazine postulates death of pgp encryption Datum: Mon, 02 Mar 2015 18:53:57 +0100 Von: Peter Lebbing <pe...@digitalbrains.com> An: Stephan Beck <st...@mailbox.org>, gnupg-users@gnupg.org On 02/03/15 11:35, Stephan Beck wrote: > Sticking to that "perfect position argument", in what kind of position are > (would be) the people that control (packaging of) your distro? (Just > curious.) I think they basically completely control my system. For individual Debian Developers, it might need some ingenuity to get something sneaky on my computer, since they generally only provide source, and the binaries are built on the Debian infrastructure. Mind you, I say they need some ingenuity, that is a far shot from "it's difficult". But the keys that the package manager checks? If you have those, and can get my package manager to download your stuff, it's trivial to change any file, any binary, any program on my computer. It has occured to me that I probably could simply local-sign and fully trust all OpenPGP keys of Debian Developers, since if the holder of said key wanted, they could simply hardwire my GnuPG installation to effectively do the same without my consent. But still, I haven't done it :). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
