Hi! Thanks for your reply!

> How big is that risk in reality?

I would say it is one of these situations where the chances of it happening are extremely low but the potential damage is very high -- both for users and the project. Kind of like all the emergency exits in an aircraft: the chances you will actually get to use them are low but they're here because it cannot hurt to know they might come in handy.

> Do you check the identity of your courier when he/she delivers a
> parcel to you? The answer is probably no for 99% of people. Should we
> be doing this?

As a matter of fact, I sometimes do. It all depends on which package is at hand and, in the case of file downloads, I would think downloading an executable (Camino) requires more precautions than downloading a simple image or a PDF file -- which can also raise issues but, as you so rightly point out, there is a limit where one should trust the other party.

> In all honesty, even if I checked the courier's credentials, I have no
> way of knowing they are authentic. In the end it depends on how
> paranoid we are. I usually grant trust to people every day; taking
> people (or businesses) at face value is a reflection of how we view
> our world.

That is true.

> All a check sum would do is confirm that it is the correct one for that
> file, not its authenticity. It's very self-referential. Anyone capable
> of breaching the security of a server like these is just as capable of
> putting the correct check sum for the malicious file he just slipped
> onto the Camino servers.

Maybe -- although one of the mirror servers could, due to some administrative issue, become temporarily vulnerable in a way the Mozilla servers would never be, or the reverse. Also, it takes more time and energy to hack two servers than one, even for the most experienced of hackers.

> What is true is that I have faith in the people who have been working
> on this project ... this extends to the choices they make about the
> security of their servers. It is part and parcel of the work of a
> development team. There is a kind of chain of trust here which enables
> us to act in a somewhat less paranoid mode than some suggest.

It's not a matter of trusting the people working for the project here or their security choices. On the contrary: I trust them and this is why I use their product -- like millions of other people. It's more a question of ensuring all the chances are on their side should something bad and beyond their control happen.

> I've chosen trust in place of paranoia.

I'll leave it to a quote I especially like: "The difference between common-sense and paranoia is that common-sense is thinking everyone is out to get you. That's normal -- they are. Paranoia is thinking that they're conspiring."

This being said, thank you for your input and sharing your opinion. I really appreciate it and fully respect it.

FJ

_______________________________________________
Camino mailing list
http://mozdev.org/mailman/listinfo/camino
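The two positions in this exchange (a checksum published next to the file is self-referential; a checksum published on a different server than the file forces two breaches) can be shown concretely. The following is an added example and not code from the thread or from the Camino project: the "hosts" are constructed Python dicts rather than real servers, the installer bytes are made up, and the file names `camino.dmg` and `camino.dmg.sha256` are assumed for illustration.

```python
import hashlib
import hmac

# Constructed sample artifact standing in for a downloaded installer.
GENUINE_BUILD = b"Camino-installer: constructed sample bytes, not a real build\n"
# Constructed tampered copy, as a compromised mirror might serve it.
TAMPERED_BUILD = b"Camino-installer: constructed sample bytes, MODIFIED\n"


def sha256_hex(data: bytes) -> str:
    """Hex digest of the artifact, as a published .sha256 file would carry it."""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, published_digest: str) -> bool:
    """Integrity check: do the downloaded bytes match the published digest?

    This answers only "is this the file the digest describes"; it says
    nothing about whether the digest itself came from a trustworthy place.
    """
    return hmac.compare_digest(sha256_hex(data), published_digest.strip().lower())


# Simulated hosts (constructed dicts, no network access):
# the project's origin server publishes the digest, a third-party mirror
# serves the bytes.
ORIGIN = {"camino.dmg.sha256": sha256_hex(GENUINE_BUILD)}
HONEST_MIRROR = {"camino.dmg": GENUINE_BUILD}
TAMPERED_MIRROR = {"camino.dmg": TAMPERED_BUILD}
# A single host compromised end to end: the attacker replaced both the
# file and the digest sitting next to it (the "self-referential" case).
SELF_REFERENTIAL = {
    "camino.dmg": TAMPERED_BUILD,
    "camino.dmg.sha256": sha256_hex(TAMPERED_BUILD),
}


def download_and_verify(file_host: dict, digest_host: dict) -> bool:
    """Fetch the file from one host and the digest from another, then check."""
    return verify(file_host["camino.dmg"], digest_host["camino.dmg.sha256"])


def scenarios() -> dict:
    """Run the three situations discussed in the thread and report pass/fail."""
    return {
        "honest mirror, digest from origin":
            download_and_verify(HONEST_MIRROR, ORIGIN),
        "tampered mirror, digest from origin":
            download_and_verify(TAMPERED_MIRROR, ORIGIN),
        "tampered file and digest from same host":
            download_and_verify(SELF_REFERENTIAL, SELF_REFERENTIAL),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'verified' if ok else 'MISMATCH'}")
```

The second scenario is the one that justifies publishing digests on a separate host: a mirror that has been altered is caught because the digest came from elsewhere. The third scenario is the point made in the quoted reply: when file and digest come from the same compromised host, the check passes and proves nothing. A digest therefore buys integrity relative to whichever source you trust for the digest, not authenticity of the build.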
