Re: Automatic downloading of non-free software by stuff in main

> I guess you haven't read news about leaks happening once in a short while? > It seems as if in most cases the govt is interested mostly not in what was > leaked, but in who leaked it, so they can make an example of the > whistleblower. The arguments against this seem to center on an attacker

Re: Automatic downloading of non-free software by stuff in main

On Thu, 2017-12-07 at 22:04 +0100, Adam Borowski wrote: > I might be inattentive, but I did not notice a single pro mentioned > on > this thread. The only part, Windows-like "you downloaded this file > from the > Internet, it may be bad" popup, can be done with a boolean, and is > still a >

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 07, 2017 at 12:17:10PM -0500, Paul R. Tagliamonte wrote: > If the Secret Police has seized your computer, has physical access to > your machine and the decryption passphrase for your system, I don't > think there's any website that you visited that would be more > incriminating than

Re: Automatic downloading of non-free software by stuff in main

> I don't know how does it work in reality but the Windows way to mark > downloaded files is actually to put a zone number into the attribute, > and > zones are that thing that theoretically distinguishes between local > sites, > internet sites, trusted sites etc.: >

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 07, 2017 at 11:05:38AM -0800, Diane Trout wrote: > Tracker should have a way to avoid indexing files that have been > downloaded at least from untrusted domains, and possibly all downloaded > files. > > But yes, we should have a way of indicating "trusted" domains, so users > get

Re: Automatic downloading of non-free software by stuff in main

On Thu, 2017-12-07 at 19:25 +0100, gregor herrmann wrote: > On Thu, 07 Dec 2017 08:16:47 -0500, Paul R. Tagliamonte wrote: > > > Restricting the execution of files one downloads or disabling > > macros on > > word documents you download and open would be a huge security win. > > I'm skeptical,

Re: Automatic downloading of non-free software by stuff in main

> The pros vastly outweighs the speculitive cons on this, it's > literally > just a tag that's stored on the filesystem. If you can read the tag, > you can read the file. If you store porn that's readable by others, > it's not a shock that you go to porn websites. If you have an > overthrow the

Re: Automatic downloading of non-free software by stuff in main

On Thu, 07 Dec 2017 08:16:47 -0500, Paul R. Tagliamonte wrote: > Restricting the execution of files one downloads or disabling macros on > word documents you download and open would be a huge security win. I'm skeptical, at least if this leads to more of the well-known-and-much-despised "Do you

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 7, 2017 at 11:06 AM, Ian Jackson wrote: > Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software > by stuff in main"): >> I claim if you can read this attribute, you can observe the rest of those >> actions passively. > > So the

Re: Automatic downloading of non-free software by stuff in main

Quoting Ian Jackson (2017-12-07 17:06:43) > Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software > by stuff in main"): >> I claim if you can read this attribute, you can observe the rest of >> those actions passively. > > So the secret police who have seized my computer,

technical terms (Re: Automatic downloading of non-free software by stuff in main)

Holger Levsen writes ("technical terms (Re: Automatic downloading of non-free software by stuff in main)"): > On Thu, Dec 07, 2017 at 04:06:43PM +, Ian Jackson wrote: > > (Your logic would argue that browser porn mode is basically > > pointless.) > > I didnt get what you ment originally,

Re: Automatic downloading of non-free software by stuff in main

Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software by stuff in main"): > I claim if you can read this attribute, you can observe the rest of those > actions passively. So the secret police who have seized my computer, or my spouse who suspects me of looking at the

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 07, 2017 at 01:59:16PM +, Holger Levsen wrote: > On Thu, Dec 07, 2017 at 01:52:07PM +, Ian Jackson wrote: > > Furthermore, this "file is dangerous" attribute ought to be copied > > much more. > > no, it ought to be the default. all files should be considered harmful, > unless

Re: Automatic downloading of non-free software by stuff in main

On Dec 7, 2017 8:52 AM, "Ian Jackson" wrote: Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software by stuff in main"): > I hilariously discovered this last night as well (playing with IMA), and > removing the creation of that attr would be a

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 07, 2017 at 01:52:07PM +, Ian Jackson wrote: > Furthermore, this "file is dangerous" attribute ought to be copied > much more. no, it ought to be the default. all files should be considered harmful, unless tagged otherwise. > It seems to me therefore that this XDG url saving

Re: Automatically marking downloaded files (was Re: Automatic downloading of non-free software by stuff in main)

~Stuart Prescott writes ("Re: Automatically marking downloaded files (was Re: Automatic downloading of non-free software by stuff in main)"): > * wget in stretch doesn't set xattrs (but the version in sid does) Cripes. > * chromium doesn't set xattrs if you "File→Save" but does if the > file

Re: Automatic downloading of non-free software by stuff in main

Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software by stuff in main"): > I hilariously discovered this last night as well (playing with IMA), and > removing the creation of that attr would be a huge step back. > > Restricting the execution of files one downloads or

Re: Automatic downloading of non-free software by stuff in main

I hilariously discovered this last night as well (playing with IMA), and removing the creation of that attr would be a huge step back. Restricting the execution of files one downloads or disabling macros on word documents you download and open would be a huge security win. These attributes are

Re: Emeritus status, and email forwarding

On Thu, Dec 07, 2017 at 11:55:07AM +0100, Daniel Pocock wrote: > - the use of the debian.org addresses is a strong way for people to show > that they are doing things on behalf of Debian, This. I don't think we should drop @debian.org email addresses for that reason. -- Could you people please

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 7, 2017 at 9:09 PM, Holger Levsen wrote: > ah, so it's a privacy hole in certain tools, but not in xattr. Is it any more of a privacy hole than ~/.bash_history? -- bye, pabs https://wiki.debian.org/PaulWise

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 07, 2017 at 05:58:31PM +0500, Andrey Rahmatullin wrote: > On Thu, Dec 07, 2017 at 12:50:06PM +, Holger Levsen wrote: > > > > Ah, damnit. It supports *some* xattrs (like the security namespace), > > > > but apparently not *user* xattrs. > > > Good. While xattrs have some uses,

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 07, 2017 at 12:50:06PM +, Holger Levsen wrote: > > > Ah, damnit. It supports *some* xattrs (like the security namespace), > > > but apparently not *user* xattrs. > > Good. While xattrs have some uses, this is a hidden privacy hole most users > > aren't aware of > > could you be

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 07, 2017 at 03:27:42AM +0100, Adam Borowski wrote: > > Ah, damnit. It supports *some* xattrs (like the security namespace), > > but apparently not *user* xattrs. > Good. While xattrs have some uses, this is a hidden privacy hole most users > aren't aware of could you be so kind to

Re: Emeritus status, and email forwarding

On 15/11/17 12:53, Ian Jackson wrote: > Someone who was sort-of-MIA said on -private that they would like to > keep their @debian.org email forwarding indefinitely, as they move to > emeritus status. One alternative that wasn't mentioned in this thread: what if Debian stops providing @debian.org