On Seg, 03 Jan 2011, Naja Melan wrote:
Currently I'm installing fedora, because it seems that that is as good as it
gets with https. Their site is very neat and informative in verifying their
downloads, it all comes over certified https even extra tools like the
liveusb-creator. This gives me at
On Dom, 02 Jan 2011, Naja Melan wrote:
1. Probably the safest thing to do is buy a mac or windows cd in the shop,
although there is (for me) no way of knowing how safe that really is.
Do you trust the store? How do you know the store installed the
pristine copy of Windows or Mac OS, and not
On Seg, 03 Jan 2011, Eduardo M KALINOWSKI wrote:
2. Some linux distros I see now do have certified https, like fedora which
puts gpg fingerprints (SHA1) of their public keys on their certified
website.
3. Other distros have md5 hashes over certified https, like ubuntu.
(virtually a shared
On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote:
Starting january, I think I'll be able to dedicate some time to debian
security team.
Ok, so we're now at beginning of january :)
Is there any starting specific point on which help/time would be needed?
I know a “call for help” is
On Mon, Jan 03, 2011 at 03:42:42AM +0100, Naja Melan wrote:
You've downloaded a bunch of certificates that came with your web browser.
Why do you trust them?
As I pointed out above there are many problems associated with https.
Trusting the root certificates is one of those. Still the
Eduardo M KALINOWSKI edua...@kalinowski.com.br writes:
How much do you trust your USB drive? It could have a malicious
controller that detects when the correct Fedora files are written to
it, and replaces with hacked copies. And when you try to verify the
copy, it detects this and returns the
On Mon, 2011-01-03 at 08:19 -0800, Ben Pfaff wrote:
Eduardo M KALINOWSKI edua...@kalinowski.com.br writes:
How much do you trust your USB drive? It could have a malicious
controller that detects when the correct Fedora files are written to
it, and replaces with hacked copies. And when you
I have very limited trust in the CAs.
So do I. It is actually not the point. Either we consider them useless, in
which case we should refuse to use them and oppose them because they provide
a false sense of security. We should then think of alternatives.
If we consider them still a bit more
On Sun, Jan 2, 2011 at 5:24 PM, Naja Melan najame...@gmail.com wrote:
If we want to seriously speak of security, then we might conceive that at an
operating system level, amongst many other things, the issue of getting it
from the developer to the user without it being tampered with on the way
On Monday 03 January 2011, Yves-Alexis Perez wrote:
On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote:
Starting january, I think I'll be able to dedicate some time to
debian security team.
Very nice.
Ok, so we're now at beginning of january :)
Is there any starting specific
On Mon, 03 Jan 2011 15:05:43 +0100, Yves-Alexis Perez wrote:
On mar., 2010-12-21 at 22:52 +0100, Yves-Alexis Perez wrote:
Starting january, I think I'll be able to dedicate some time to debian
security team.
Ok, so we're now at beginning of january :)
Is there any starting specific
On lun., 2011-01-03 at 16:24 -0500, Michael Gilbert wrote:
Also, it would be useful to try to start adopting some of the additional
features applied in Ubuntu [1] but not in Debian. The hardest part
there is going to be convincing the gcc maintainers to deviate from
upstream defaults.
Not
-- Forwarded message --
From: Robert Tomsick rob...@tomsick.net
Date: Mon, Jan 3, 2011 at 7:52 PM
Subject: Re: Fwd: Fwd: question regarding verification of a debian
installation iso
To: Naja Melan najame...@gmail.com
On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote:
If the
Thanks for taking this subject seriously.
HTTPS is going to make it harder for man-in-the-middle shenanigans, but
that is only part of the path from the developer to the user.
One also has to consider whether the project's servers have been tampered
with - which tends to be the much more
sorry if this is a double post, but I got some mailer-daemon writing to
me... and I think the original did not go to the list.
-- Forwarded message --
From: Robert Tomsick rob...@tomsick.net
Date: Mon, Jan 3, 2011 at 7:52 PM
Subject: Re: Fwd: Fwd: question regarding verification
sorry if this is a double post, but I got some mailer-daemon writing to
me... and I think the original did not go to the list.
-- Forwarded message --
From: Robert Tomsick rob...@tomsick.net
Date: Mon, Jan 3, 2011 at 7:52 PM
Subject: Re: Fwd: Fwd: question