On Wed, 30 Apr 2014 18:33:56 +0200 Aaron Zauner wrote:

> > It adds a lot of complexity for privacy benefit. Integrity is often
> > muddled into security too. As far as I am concerned they can actually
> > counter each other and are separate entities.
> No they are not. Integrity should be part of your understanding of
> security. Basics of information security suggest confidentiality,
> integrity and availability. [0]

Suggested Basics, yes, and good to remember they may influence each other, but I don't like mixing them up once that is understood, personally. The desired level of "Information security" *may* have next to nothing to do with integrity and conversely availability can often be everything in a specific situation. It makes much more practical sense to keep integrity and availability as their own separate entities. All too often the word secure is confused and abused or marketed. All too often I have witnessed it being said that X is more secure when actually it may be more exploitable but increases availability or integrity.

Debian developers not being able to upload security fixes is part of the mix, but then I would guess you could more easily bring down the TOR network too than a private VPN, and filtering would be much more difficult, so I would say TOR is not *optimum* for security or availability, and obscurity is no real security though perhaps very occasionally the best possible ;-).

> > Obscuring from targeted attack is highly questionable to me when a
> > secure VPN from a lightly used machine (no web browsing) can offer real
> > security. You may just be giving a way in otherwise.
> First I don't understand your first sentence. Second how does a VPN
> provide more "security" than say Tor?

Tor is more complex, less proven, had more past exploits and crucially I believe? generally more reliant on external infrastructure. Its primary aim is privacy and not a simply secure protocol. I include SSH when I say VPN too, but host security is paramount in any case.

Devs avoiding html mail clients on machines with keys or access etc. might be another idea.

Was there a resolution on binary uploads?