>If any Trisquel user facing a malfunction she cannot explain would write in
capital letters that "Trisquel might have been compromised", then the forum
would be full of such messages. If, every other user could simply state,
without any justification, that this is due to a vulnerability in the
application, then that would be the (almost always wrong) answer to every
request for help.
That would be true if people would not take the time to test the system and
try to understand what was going on. I did. So... yeah, you are trying to
make look like a newbie who only knows coming here for advice, which I am
not.
>The "reference" you gave does not even relate to Trisquel's browser, which
is based on Firefox 22 and not on the ESR branch. On the correct page, none
of the vulnerabilities of Firefox 22 that were fixed in Firefox 23 (t3g wrote
it was such a vulnerability to have the pleasure to criticize, one more time,
Trisquel's lead developer) has a direct relation with SSL/TLS.
I know it was about esr. I was merely trying to show that there are
vulnerabilities! I said that, why do you pretend you did not read what I
wrote??
And I don't see why we should never call into question Trisquel, this forum,
or the Trisquel developers. I am not saying we should not respect all their
work, but we have the right to ask questions! And stating that the system
might be compromised does not mean that the team is malicious. There could be
a bug, a mistake, anything! People here overreact whenever someone says "The
Trisquel team did a bad job on X or Y". WHY?? Everyone is called into
question, for example, if I sometimes defend the Tor team for example, is
because I took the time to read A LOT, know who were the persons involved in
it, what their background was, study the way Tor worked, and always read when
someone writes something about them that sounds "weird". I take those chances
to make sure I am on the right team with the right players. And guess what...
they all agree! Jacob for example, he always says "Why should you trust me?
Test my work and let me know if it is correct!"
So... there, I don't think saying that the Trisquel team could perform
better, or asking them for an explanation (like the whole google dns issue)
is wrong.
> Sure, there exist vulnerabilities, such as this one that "could be
exploited to run arbitrary code". But, now listen carefully: if your system
was compromised, it would not behave in a weird way. When bad guys gain
control over a system, one of their main goal is to not be detected so that
the system stays in their botnet. You can therefore be sure that your your
HTTP connections were not systematically ceasing to be secure because your
system was compromised.
Well that depends on the bad guys. SSL Strip attacks would allow bad guys to
get login information for example to email accounts. So... that would really
depend. You are in no position at all to make that call.
> Now please stop bragging about how you are worrying about security.
Security is not a matter of "opinion" (as you write) and you obviously do not
know much about it. And, please stop attacking every user of this forum who
disagrees with you.
Well, if you don't understand the dangers of ssl strip attacks, maybe you are
the one who don't know a thing about security. You know, people have been
treating me like I was a newbie when it comes to computers, GNU, linux,
security, everything! Well, I might be new here in Trisquel, I always admitt
that, but when it comes down to security and other computer affairs... I am
no newbie. And you tried to make me look like that twice in this comment.
Don't expect me to react with joy -.-
Also, I did not attack anyone. I gave each comment a personal direct reply.
That took time and a lot of thought, but instead of realising that I was
treating every opinion as an equal, you said I was attacking. Well, of
course, ICarolongo (or something) gave a totally unrelated comment, almost as
if he was accusing me of something. Well, I did not like that. But I did not
attack anyone. Now, you (like other people here in this forum) don't like
when someone tells you that you are wrong and states some obvious reasons why
you are acting in a way that is not helpful to be issue at hand. While others
might put up with that (I read many past threads, and sometimes you made
people go away because you treated them like idiots) I won't. So, until I
decide that it's time for me to leave, don't expect me to accept every word
that comes out of your mouth as if it was pure and gold. I will question
whoever and whatever I want, whenever I want. That is actually one of the key
aspects in SECURITY, call into question everything to find the hidden shit...
Just to let you know.
Now if you think Trisquel is not compromised and think it will never be...
Well, leave this thread then. But I worry about security in Trisquel and
others do too. We have all the right to. I HAVE ALL THE RIGHT TO, AFTER WHAT
I EXPERIENCED! Might have been a targeted attack against me, but still... If
it affected me, it would obviously affect other Trisquel users, so I still
made a good decision letting everyone know.