[[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> There is not much one can do when a maintainer with signing/release > power does something intentionally wrong. That is clearly true. I don't think we should propose changes in tools with the idea of preventing such sabotage outright. We should also point out that free software is still far safer than nonfree software. With nonfree software, intentional sabotage is normal practice (see https://gnu.org/malware/) and unintentional gross security failures are not unusual. However, this case could suggest improvements in practices or tools that would catch more mistakes, and some instances of sabotage too. It can't hurt to think about possibilities for that, Just as long as we don't insist on perfect or nothing. Because, as you said, no change in tools could protect perfectly against this soft of devious sabotage. -- Dr Richard Stallman (https://stallman.org) Chief GNUisance of the GNU Project (https://gnu.org) Founder, Free Software Foundation (https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)