Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Naja Melan
Sorry if this is a double post, but I got some mailer-daemon writing to me... and I think the original did not go to the list. -- Forwarded message -- > From: Robert Tomsick > Date: Mon, Jan 3, 2011 at 7:52 PM > Subject: Re: Fwd: Fwd: question regarding veri

Fwd: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Naja Melan
Sorry if this is a double post, but I got some mailer-daemon writing to me... and I think the original did not go to the list. -- Forwarded message -- From: Robert Tomsick Date: Mon, Jan 3, 2011 at 7:52 PM Subject: Re: Fwd: Fwd: question regarding verification of a debian installa

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Naja Melan
Thanks for taking this subject seriously. > HTTPS is going to make it harder for man-in-the-middle shenanigans, but > that is only part of the path "from the developer to the user." > One also has to consider whether the project's servers have been tampered > with - which tends to be the much more

Fwd: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Naja Melan
-- Forwarded message -- From: Robert Tomsick Date: Mon, Jan 3, 2011 at 7:52 PM Subject: Re: Fwd: Fwd: question regarding verification of a debian installation iso To: Naja Melan On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote: > If the author of such instructions > would be

Re: Starting point for contributing to debian-security

2011-01-03 Thread Yves-Alexis Perez
On lun., 2011-01-03 at 16:24 -0500, Michael Gilbert wrote: > Also, it would be useful to try to start adopting some of the additional > features applied in Ubuntu [1] but not in Debian. The hardest part > there is going to be convincing the gcc maintainers to deviate from > upstream defaults. No

Re: Starting point for contributing to debian-security

2011-01-03 Thread Michael Gilbert
On Mon, 03 Jan 2011 15:05:43 +0100, Yves-Alexis Perez wrote: > On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote: > > Starting January, I think I'll be able to dedicate some time to the debian > > security team. > > Ok, so we're now at the beginning of January :) > > Is there any starting speci

Re: Starting point for contributing to debian-security

2011-01-03 Thread Stefan Fritsch
On Monday 03 January 2011, Yves-Alexis Perez wrote: > On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote: > > Starting January, I think I'll be able to dedicate some time to the > > debian security team. Very nice. > Ok, so we're now at the beginning of January :) > > Is there any starting spec

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Paul Hosking
On Sun, Jan 2, 2011 at 5:24 PM, Naja Melan wrote: > If we want to seriously speak of security, then we might conceive that at an > operating system level, amongst many other things, the issue of getting it > from the developer to the user without it being tampered with on the way is > quite an im

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Naja Melan
> > I have very limited trust in the CAs. > So do I. It is actually not the point. Either we consider them useless, in which case we should refuse to use them and oppose them because they provide a false sense of security. We should then think of alternatives. If we consider them still a bit more

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Robert Tomsick
On Mon, 2011-01-03 at 08:19 -0800, Ben Pfaff wrote: > Eduardo M KALINOWSKI writes: > > > How much do you trust your USB drive? It could have a malicious > > controller that detects when the correct Fedora files are written to > > it, and replaces with hacked copies. And when you try to verify the

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Ben Pfaff
Eduardo M KALINOWSKI writes: > How much do you trust your USB drive? It could have a malicious > controller that detects when the correct Fedora files are written to > it, and replaces with hacked copies. And when you try to verify the > copy, it detects this and returns the SHA1 (or any other ch

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Kurt Roeckx
On Mon, Jan 03, 2011 at 03:42:42AM +0100, Naja Melan wrote: > > You've downloaded a bunch of certificates that came with your web browser. > > Why do you trust them? > > > > As I pointed out above there are many problems associated with https. > Trusting the root certificates is one of those. Sti

Starting point for contributing to debian-security

2011-01-03 Thread Yves-Alexis Perez
On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote: > Starting January, I think I'll be able to dedicate some time to the debian > security team. Ok, so we're now at the beginning of January :) Is there any specific starting point on which help/time would be needed? I know a “call for help” is s

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Eduardo M KALINOWSKI
On Seg, 03 Jan 2011, Eduardo M KALINOWSKI wrote: 2. Some linux distros I see now do have certified https, like fedora which puts gpg fingerprints (SHA1) of their public keys on their certified website. 3. Other distros have md5 hashes over certified https, like ubuntu. (virtually a shared fourth

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Eduardo M KALINOWSKI
On Dom, 02 Jan 2011, Naja Melan wrote: 1. Probably the safest thing to do is buy a mac or windows cd in the shop, although there is (for me) no way of knowing how safe that really is. Do you trust the store? How do you know the store installed the pristine copy of Windows or Mac OS, and not a

Re: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Eduardo M KALINOWSKI
On Seg, 03 Jan 2011, Naja Melan wrote: Currently I'm installing fedora, because it seems that that is as good as it gets with https. Their site is very neat and informative in verifying their downloads, it all comes over certified https even extra tools like the liveusb-creator. This gives me at