> Christoph R. Murauer wrote: > > True but let me be a littlebit paranoid. Would it not be possible to create > > a new .fs / .iso with new keys in /etc/signify/* and new SHA256 / .sig > > files to place bad content and distribute it using a torrent ? I came > > across this idea as I readed long time ago some ideas how goverments could > > distribute the here in Europe called trojan of the state (Staatstrojaner). > > Don't verify with the key inside the thing you're veriyfing. There is some > difficulty bootstrapping from nothing, but that's life.
Correct. And Christoph, you may have noticed I stopped making official CDs which did solve that particular problem. It was too much of a pain for the gain. This feels like a request to handle all this pain for torrent people. I stopped the build process for CDs because it was a lot of work for almost no financial gain, and a distraction against other things I'd rather do. Now I'm supposed to continue doing the same, for no gain at all? Allow me to express my disinterest. As Ted said. Bootstrapping problem is bootstrapping problem.
