Von: vedaal via Gnupg-users Gesendet: Montag, 25. Februar 2019 22:09 An: justina colmena; gnupg-users@gnupg.org Betreff: Re: Ok this is a stupid questions
Why do you think GnuPG is useless if you check the source-code, run it on hardware you trust, and a Linux variant you trust, with a Chromium/Iron browser, and avoid anything google or microsoft or apple or any non-FOSS product? Why do you think FOSS is more secure? Do you think that people always check the source code, with every release of their OS updates or the GnuPG updates? I doubt that. And how about FOSS developers? Do they regularly check their sites if the code was exchanged and if their keys are already compromised? The detached signatures or hashes of FOSS software are not time stamped. Is / was FOSS, like GnuPG, ever audited by major and trustworthy institutions, were users could read reports about their findings? Can you always trust developers, because they have many sigs on their keys but not sign back the signers keys? I have learned in the past trust nobody. Therefore I would not rely on people from the GnuPG ecosystem and what they say. Last but not least don’t forget rule 41, for example, which allows the FBI to hack computers worldwide. And if they can hack and access computers then others can do so too. You also never read here best practice tips like use a second computer, not connected to the Internet, and GnuPG in command line mode. 😊 Regards Stefan
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
