On Fri, Mar 25, 2016 at 10:25 AM, intrigeri <[email protected]> wrote:
> john smith wrote (25 Mar 2016 16:25:28 GMT) : > > And I completely understand your > > very reasonable answer above, which I will paraphrase with your > > permission: to the extent that you explored this issue, you have > > concluded that the probability of spyware hiding within the Linux > > kernel is very close to zero. > > No, I have not said any such thing. This is not paraphrasing. > > I'm giving up this discussion at this point. > The last thing I want to do is to put words in your mouth. I am just trying to understand what you are saying, but your responses are so glib, I have a hard time, and so I had to ask you for a clarification, by paraphrasing them. I am referring to your response to my query: >> I have hard time figuring out which of the following scenarios >> is taking place in Tails dev forum: >> >> (1) You, the developers, never tried to quantify the risk of >> having malware within Linux kernel firmware. Or may be you >> tried, and you concluded that you cannot put any number or a >> confidence interval on it. Either way, you decided to go ahead >> with it, so now you are distributing software which you either >> never evaluated for privacy/security purposes, or which you >> concluded was not possible to evaluate. And it's important to >> note, evaluation of risk is so hard here because the software >> supplier keeps the code obfuscated on purpose. >> >> (2) You concluded that the risk was very low: on par with >> having backdoors inside free software, so nearly zero. This is >> despite the fact that we have a long history of malware and >> spyware distributed within blobs, a long history of legal >> immunity of "legitimate" non-free software vendors, and a long >> history of spyware being explicitly legal within operating >> systems such as MS Windows, OS X, and commercial Android >> deployments. >I guess it's something from (1) and something from (2). There is only one thing in (2): you concluded the risk of spyware included in Tails was very low. There is only one thing in (1): you didn't conclude anything about the risk, either because you haven't tried or because you tried and gave up. So I stand by my (failed) attempt to paraphrase your very evasive, noncommittal statement: you haven't really attempted to quantify the risk much (something from 1), but to the extent that you did, you've concluded it was almost nonexistent (something from 2). I do however believe you really mean what you say, so I won't pretend you told me anything, if now you say you didn't. I did my best to make my queries clear, and I really tried to understand what your replies meant, but after all that it looks like you are leaving me with absolutely nothing specific, and refuse to discuss the issue any further. Please note once more, I am not making claims, I am not making arguments, I am only asking you (developers) a very simple question regarding your methodology in making Tails suitable for privacy applications, and no matter how hard I try, I can't seem to get any meaningful answers out of you all. Nada. The one answer I thought I understood (the one above), turns out I didn't. But don't think twice, it's alright, and thanks once again. _______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
