Re: AW: Ok this is a stupid questions

Tue, 26 Feb 2019 10:59:40 -0800 


On 2/26/2019 at 10:29 AM, "Stefan Claas"  wrote:
        Von: vedaal via Gnupg-users
Gesendet: Montag, 25. Februar 2019 22:09
An: justina colmena; gnupg-users@gnupg.org
Betreff: Re: Ok this is a stupid questions
        Why do you think GnuPG is useless if you check the source-code, run
it on hardware you trust, and a Linux variant you trust, with a
Chromium/Iron browser, and avoid anything google or microsoft or apple
or any non-FOSS product? 
        I have learned in the past trust nobody. Therefore I would not rely

        on  people from the GnuPG ecosystem and what they say.

         =====

        It depends on how realistic your threat model is.

        For someone in a politically repressive regime who is being targeted,
yes, trust should be very limited, and clearly earned.

        For those  whose threat model is criminal hacking by individual
opportunists,  there is a certain leeway.

        When i first started out, I knew people who read every single line of
PGP 2.x sourcecode, and even today, refuse to migrate to gnupg because
they haven't the time to read all the code.

        (Although some have considered that if there would be a minimalist
version, with a small enough code to read, they would definitely use
it.)

        These people routinely 'airgap' their encrypting functions.

        I respect it, 

        but there is literally no end to how paranoid one can be ...

        For example, has anyone you know, ever checked how the compilers
work?  (Reviewed gcc's source code, and the hardware necessary to make
it run, to ensure that nothing is 'added/subtracted/altered' when it
gets to machine language? Even more difficult when it is a proprietary
compiler.)

        GnuPG is offering a FOSS privacy tool.

        One can scrutinize it, appreciate it, and say thank you,

        or be paranoid enough to never use it,

        or some other in-between balance, that's comfortable for the
individual's threat model.
        The gnupg-users list can help with clearing up technical questions
and let the users decide for themselves.
        vedaal
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to