grarpamp, thanks for making me look at
http://cryptome.org/2014/12/peck-roark-affidavit.pdf
I had dared to skip it, albeit it says a lot about the person
I am holding an exchange with.
On Sun, Dec 07, 2014 at 10:15:31AM -0800, coderman wrote:
On 12/7/14, carlo von lynX
On Sun, Dec 07, 2014 at 03:38:56AM -0800, coderman wrote:
would compromising Debian upstream be easier? probably, but it would
also be more visible.
If it took ages to find heartbleed in the source, how likely is it
that a backdoored binary is found?
I know that currently 13600 packages of
carlo von lynX wrote:
My current state of information is such that any source-code
based distribution is less likely to be affected by backdoors
until debian and all derivatives indeed ship reproducible binaries.
If Whonix can be rebuilt from source, so can Qubes OS?
how do you securely
On 12/7/14, carlo von lynX l...@time.to.get.psyced.org wrote:
...
If it took ages to find heartbleed in the source, how likely is it
that a backdoored binary is found?
if the source is available, how likely is it to be reviewed?
(to play devil's advocate, if heartbleed was found via protocol
On Sun, Dec 07, 2014 at 04:53:20AM -0800, coderman wrote:
finding backdoors or vulnerabilities a problem for every
implementation, open source or not. source based or not. reproducible
builds or not.
And still it is much harder to sneak something into the official
codebase in plain view of
On 12/7/14, carlo von lynX l...@time.to.get.psyced.org wrote:
...
I wasn't talking of (2) because that is a given which isn't questioned
anywhere. I was only talking of (1). I don't know why you bring (2) into
the discussion as if there was any problem with that. Unless you are
using
On 12/7/14, coderman coder...@gmail.com wrote:
...
Qubes OS is based on Centos, while Whonix is based on Debian. Whonix +
Qubes OS a chimera, and perhaps one day you'll have a usable Gentoo
Hardened App VM template for various other paranoid purposes, too.
that should read: Qubes OS is based