>If any Trisquel user facing a malfunction she cannot explain would write in capital letters that "Trisquel might have been compromised", then the forum would be full of such messages. If, every other user could simply state, without any justification, that this is due to a vulnerability in the application, then that would be the (almost always wrong) answer to every request for help.

That would be true if people would not take the time to test the system and try to understand what was going on. I did. So... yeah, you are trying to make look like a newbie who only knows coming here for advice, which I am not.

>The "reference" you gave does not even relate to Trisquel's browser, which is based on Firefox 22 and not on the ESR branch. On the correct page, none of the vulnerabilities of Firefox 22 that were fixed in Firefox 23 (t3g wrote it was such a vulnerability to have the pleasure to criticize, one more time, Trisquel's lead developer) has a direct relation with SSL/TLS.

I know it was about esr. I was merely trying to show that there are vulnerabilities! I said that, why do you pretend you did not read what I wrote?? And I don't see why we should never call into question Trisquel, this forum, or the Trisquel developers. I am not saying we should not respect all their work, but we have the right to ask questions! And stating that the system might be compromised does not mean that the team is malicious. There could be a bug, a mistake, anything! People here overreact whenever someone says "The Trisquel team did a bad job on X or Y". WHY?? Everyone is called into question, for example, if I sometimes defend the Tor team for example, is because I took the time to read A LOT, know who were the persons involved in it, what their background was, study the way Tor worked, and always read when someone writes something about them that sounds "weird". I take those chances to make sure I am on the right team with the right players. And guess what... they all agree! Jacob for example, he always says "Why should you trust me? Test my work and let me know if it is correct!" So... there, I don't think saying that the Trisquel team could perform better, or asking them for an explanation (like the whole google dns issue) is wrong.

> Sure, there exist vulnerabilities, such as this one that "could be exploited to run arbitrary code". But, now listen carefully: if your system was compromised, it would not behave in a weird way. When bad guys gain control over a system, one of their main goal is to not be detected so that the system stays in their botnet. You can therefore be sure that your your HTTP connections were not systematically ceasing to be secure because your system was compromised.

Well that depends on the bad guys. SSL Strip attacks would allow bad guys to get login information for example to email accounts. So... that would really depend. You are in no position at all to make that call.

> Now please stop bragging about how you are worrying about security. Security is not a matter of "opinion" (as you write) and you obviously do not know much about it. And, please stop attacking every user of this forum who disagrees with you.

Well, if you don't understand the dangers of ssl strip attacks, maybe you are the one who don't know a thing about security. You know, people have been treating me like I was a newbie when it comes to computers, GNU, linux, security, everything! Well, I might be new here in Trisquel, I always admitt that, but when it comes down to security and other computer affairs... I am no newbie. And you tried to make me look like that twice in this comment. Don't expect me to react with joy -.- Also, I did not attack anyone. I gave each comment a personal direct reply. That took time and a lot of thought, but instead of realising that I was treating every opinion as an equal, you said I was attacking. Well, of course, ICarolongo (or something) gave a totally unrelated comment, almost as if he was accusing me of something. Well, I did not like that. But I did not attack anyone. Now, you (like other people here in this forum) don't like when someone tells you that you are wrong and states some obvious reasons why you are acting in a way that is not helpful to be issue at hand. While others might put up with that (I read many past threads, and sometimes you made people go away because you treated them like idiots) I won't. So, until I decide that it's time for me to leave, don't expect me to accept every word that comes out of your mouth as if it was pure and gold. I will question whoever and whatever I want, whenever I want. That is actually one of the key aspects in SECURITY, call into question everything to find the hidden shit... Just to let you know.

Now if you think Trisquel is not compromised and think it will never be... Well, leave this thread then. But I worry about security in Trisquel and others do too. We have all the right to. I HAVE ALL THE RIGHT TO, AFTER WHAT I EXPERIENCED! Might have been a targeted attack against me, but still... If it affected me, it would obviously affect other Trisquel users, so I still made a good decision letting everyone know.

Reply via email to