> I guess you haven't read news about leaks happening once in a short while?
> It seems as if in most cases the govt is interested mostly not in what was
> leaked, but in who leaked it, so they can make an example of the
> whistleblower.
The arguments against this seem to center on an attacker bei
On Thu, 2017-12-07 at 22:04 +0100, Adam Borowski wrote:
> I might be inattentive, but I did not notice a single pro mentioned
> on
> this thread. The only part, Windows-like "you downloaded this file
> from the
> Internet, it may be bad" popup, can be done with a boolean, and is
> still a
> dubio
On Thu, Dec 07, 2017 at 12:17:10PM -0500, Paul R. Tagliamonte wrote:
> If the Secret Police has seized your computer, has physical access to
> your machine and the decryption passphrase for your system, I don't
> think there's any website that you visited that would be more
> incriminating than the
> I don't know how does it work in reality but the Windows way to mark
> downloaded files is actually to put a zone number into the attribute,
> and
> zones are that thing that theoretically distinguishes between local
> sites,
> internet sites, trusted sites etc.:
> https://msdn.microsoft.com/en-
On Thu, Dec 07, 2017 at 11:05:38AM -0800, Diane Trout wrote:
> Tracker should have a way to avoid indexing files that have been
> downloaded at least from untrusted domains, and possibly all downloaded
> files.
>
> But yes, we should have a way of indicating "trusted" domains, so users
> get fewer
On Thu, 2017-12-07 at 19:25 +0100, gregor herrmann wrote:
> On Thu, 07 Dec 2017 08:16:47 -0500, Paul R. Tagliamonte wrote:
>
> > Restricting the execution of files one downloads or disabling
> > macros on
> > word documents you download and open would be a huge security win.
>
> I'm skeptical, at
> The pros vastly outweighs the speculitive cons on this, it's
> literally
> just a tag that's stored on the filesystem. If you can read the tag,
> you can read the file. If you store porn that's readable by others,
> it's not a shock that you go to porn websites. If you have an
> overthrow the go
On Thu, 07 Dec 2017 08:16:47 -0500, Paul R. Tagliamonte wrote:
> Restricting the execution of files one downloads or disabling macros on
> word documents you download and open would be a huge security win.
I'm skeptical, at least if this leads to more of the
well-known-and-much-despised "Do you r
On Thu, Dec 7, 2017 at 11:06 AM, Ian Jackson
wrote:
> Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software
> by stuff in main"):
>> I claim if you can read this attribute, you can observe the rest of those
>> actions passively.
>
> So the secret police who have seized my co
Quoting Ian Jackson (2017-12-07 17:06:43)
> Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software
> by stuff in main"):
>> I claim if you can read this attribute, you can observe the rest of
>> those actions passively.
>
> So the secret police who have seized my computer, or
Holger Levsen writes ("technical terms (Re: Automatic downloading of non-free
software by stuff in main)"):
> On Thu, Dec 07, 2017 at 04:06:43PM +, Ian Jackson wrote:
> > (Your logic would argue that browser porn mode is basically
> > pointless.)
>
> I didnt get what you ment originally, but
On Thu, Dec 07, 2017 at 04:06:43PM +, Ian Jackson wrote:
> (Your logic would argue that browser porn mode is basically
> pointless.)
I didnt get what you ment originally, but after the 3rd mail using these
words I realized you ment "privacy mode".
I dont understand why you are using demeanin
Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software by
stuff in main"):
> I claim if you can read this attribute, you can observe the rest of those
> actions passively.
So the secret police who have seized my computer, or my spouse who
suspects me of looking at the "wrong
On Thu, Dec 07, 2017 at 01:59:16PM +, Holger Levsen wrote:
> On Thu, Dec 07, 2017 at 01:52:07PM +, Ian Jackson wrote:
> > Furthermore, this "file is dangerous" attribute ought to be copied
> > much more.
>
> no, it ought to be the default. all files should be considered harmful,
> unless t
On Dec 7, 2017 8:52 AM, "Ian Jackson"
wrote:
Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software
by stuff in main"):
> I hilariously discovered this last night as well (playing with IMA), and
> removing the creation of that attr would be a huge step back.
>
> Restricting t
On Thu, Dec 07, 2017 at 01:52:07PM +, Ian Jackson wrote:
> Furthermore, this "file is dangerous" attribute ought to be copied
> much more.
no, it ought to be the default. all files should be considered harmful,
unless tagged otherwise.
> It seems to me therefore that this XDG url saving attri
~Stuart Prescott writes ("Re: Automatically marking downloaded files (was Re:
Automatic downloading of non-free software by stuff in main)"):
> * wget in stretch doesn't set xattrs (but the version in sid does)
Cripes.
> * chromium doesn't set xattrs if you "File→Save" but does if the
> file typ
Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software by
stuff in main"):
> I hilariously discovered this last night as well (playing with IMA), and
> removing the creation of that attr would be a huge step back.
>
> Restricting the execution of files one downloads or disabl
I hilariously discovered this last night as well (playing with IMA), and
removing the creation of that attr would be a huge step back.
Restricting the execution of files one downloads or disabling macros on
word documents you download and open would be a huge security win.
These attributes are de
On Thu, Dec 07, 2017 at 11:55:07AM +0100, Daniel Pocock wrote:
> - the use of the debian.org addresses is a strong way for people to show
> that they are doing things on behalf of Debian,
This. I don't think we should drop @debian.org email addresses for that reason.
--
Could you people please u
On Thu, Dec 7, 2017 at 9:09 PM, Holger Levsen wrote:
> ah, so it's a privacy hole in certain tools, but not in xattr.
Is it any more of a privacy hole than ~/.bash_history?
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Thu, Dec 07, 2017 at 05:58:31PM +0500, Andrey Rahmatullin wrote:
> On Thu, Dec 07, 2017 at 12:50:06PM +, Holger Levsen wrote:
> > > > Ah, damnit. It supports *some* xattrs (like the security namespace),
> > > > but apparently not *user* xattrs.
> > > Good. While xattrs have some uses, this
On Thu, Dec 07, 2017 at 12:50:06PM +, Holger Levsen wrote:
> > > Ah, damnit. It supports *some* xattrs (like the security namespace),
> > > but apparently not *user* xattrs.
> > Good. While xattrs have some uses, this is a hidden privacy hole most users
> > aren't aware of
>
> could you be
On Thu, Dec 07, 2017 at 03:27:42AM +0100, Adam Borowski wrote:
> > Ah, damnit. It supports *some* xattrs (like the security namespace),
> > but apparently not *user* xattrs.
> Good. While xattrs have some uses, this is a hidden privacy hole most users
> aren't aware of
could you be so kind to e
On 15/11/17 12:53, Ian Jackson wrote:
> Someone who was sort-of-MIA said on -private that they would like to
> keep their @debian.org email forwarding indefinitely, as they move to
> emeritus status.
One alternative that wasn't mentioned in this thread: what if Debian
stops providing @debian.org e
25 matches
Mail list logo
