On Fri, May 02, 2014 at 05:22:11PM -0400, Griffin Boyce wrote: > No, though I have two-factor authentication using a secure device > (not a cell phone), and I can't be vanned/rubber-hosed because I don't > actually know the password to my Google developer account. Some > of this does require trust that I have a secure signing/uploading > environment.
If you can upload code -- with or without a password -- then you can be forced to upload malicious code (assuming you are vulnerable to vans and rubber hoses). -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.