Even if the threat you describe is real, why couldn't it be resolved in a
simpler way?
I'm thinking certificates and signatures...
I mean, for each distribution in each architecture, there is basically a
single build configuration which needs to be certified as "trojan-free".
And this is basicall
On Thu, Sep 4, 2014 at 4:57 PM, Bruno Loff wrote:
> Even if the threat you describe is real, why couldn't it be resolved in a
> simpler way?
>
First, here's a slightly philosophical question: do you accept that a
threat can be a real threat, even if it's not carried out? So if I say to
you, "You
