On Mon, 05 Aug 2013 10:17:05 +0200 intrigeri <[email protected]> wrote:
> Hi,
>
> I need a reality check, as it's unclear to me what are the goals of
> this discussion.
>
> Does anyone involved plan to work on improving things, and then we're
> discussing where it would be best to focus their energy? If that's the
> case, then I suggest we try to design solutions with baby steps that
> can realistically be implemented on the short term.
>
> Or is the goal simply to assess the security of our current
> infrastructure in various threat models? If that's the case, then how
> about clearly writing these threat models so that we can then reason
> on the same basis?
>
> Or is the goal something entirely different that I missed?
>

I don't think there is a goal, I think we are all ruefully conceding that the much-vaunted Open Source process is simply unable to deliver trustworthy code, since the process of compiling the Open Sources to binary involves using utterly un-auditable binaries, running on un-auditable processors manufactured by a very small number of companies. We can also assume that if something is technically possible, perhaps involving the outright purchase or intimidation of a few hundred humans, then the largest organised crime syndicates on the planet (a.k.a. governments) will do it.

--
Joe

