On Tue, Nov 28, 2017 at 07:48:49PM -0500, '[799]' via qubes-users wrote:
> Hello,
> 
> -------- Original Message --------
> On 29 Nov 2017, 00:48, wrote:
> Sorry but I almost fainted ! (I even took a picture ! I could not believe 
> this MEGA-HUGE security flaw right in front of my eyes )
> (...)
> Sorry, you are supposed to be good and security expert but you are asking me 
> (THE dumb USER) to report MY OWN PASSPHRASE AS A STRING to help you??
> (...)
> ----------
> 
> Honestly I can't believe that this is true, until you prove this, which might 
> be hard, as even a picture can be simple "ASCII Art".
> 
> If you are correct, this would of course mean that Qubes OS can't be trusted.
> There should never be the option that a passphrase will be shown unencrypted.
> 
> Even worse including this passphrase in an error report which gets saved or 
> transferred to a 3rd party (even if it is the Qubes Team) is an absolute no-go.
> 
> As mentioned, I don't believe this.
> 
> Can you provide more guidance what you have done and what hardware you are 
> using, so that someone can verify this problem, if it is reproducible?
> 
> Please also include all hardware specs, so that we can also take this into account.
> 
> If you are right and if Qubes is Open Source the source code should be 
> analyzed to find this "hidden feature".
> 
> But as mentioned, I think this is BS.
> 
> [799]

I don't see any grounds for this response.
It's perfectly possible that the installer (not principally written by
Qubes) could mistakenly include a passphrase string. I've seen similar
stuff included in all sorts of error reports in the past.
It doesn't mean that Qubes "can't be trusted".

Also, since this is an installation error, let's not over-egg the problem
- it's not as if you're using that password anywhere else, or that you
will use the same password the next time you try to install, is it?
