On 06/05/2017 04:06 PM, Unman wrote:
On Mon, Jun 05, 2017 at 03:59:26PM +0000, 7v5w7go9ub0o wrote:
On 06/05/2017 01:42 PM, Andrew David Wong wrote:
<snip>
1. The date of issue of this canary is June 2, 2017.
<snip>
5. We plan to publish the next of these canary statements in the first
two weeks of September 2017. Special note should be taken if no new canary
is published by that time or if the list of statements changes without
plausible explanation.
<snip>
Thanks for the note.
IIUC, the canary system is now quarterly and three months until the next
canary. That also means that a back-door and gag order could be placed
into effect against Qubes today, and users would be clueless about it
'til September - up to three months of user jeopardy if there are Summer
updates.
The cautious user will reason that his system updates should be only
applied immediately before the Quarterly canary; thereby assuring -
after the canary is issued - that his quarterly update(s) was not
back-doored. This could be a disaster if an accidentally flawed update
happened to get out.
Please consider *increasing* the frequency of canaries - not decreasing.
Alternatively, consider issuing additional canaries shortly after
important system updates, and scheduling "minor" system updates a week
before the quarterly canary.
A weekly canary would be much more useful and reassuring, as I wouldn't
have to wait to do updates. Also, ISTM weekly would be easier for ITL to
manage.
I agree on the frequency point. But surely a cautious user will not
install updates until immediately AFTER the Quarterly canary, not
before. And since the canary dates are not fixed, how is one to know
when "immediately before" might be?
1. The canary needs to be issued on a fixed date for the system to work;
otherwise a "late" canary is meaningless.
2. Certainly the back-door and gag order will be mandated immediately
after the canary. So any updates after the canary are no longer
trustworthy. Any updates after the date of the most recent canary can be
compromised.
IF you update immediately before the date-certain canary, and then
discover that the canary is not updated or otherwise untrustworthy, you
then restore to the last known-good backup (and seek an explanation).
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/012fa555-c3ca-f2e4-fc06-7b40791634fb%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
