Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts

Colin Law clanlaw at gmail.com
Sun Aug 9 10:09:05 UTC 2015


On 9 August 2015 at 10:43,  <silver.bullet at zoho.com> wrote:
> On Sun, 09 Aug 2015 11:22:37 +0200, Oliver Grawert wrote:
>>* do not use third party repositories like PPAs (unless you can and
>>want to inspect the source code in there before using the binaries)
>
> This depends to the trustworthiness. You might trust the Ubuntu
> maintainers and you might trust a PPA maintainer. Assumed you trust
> those people, than you still need trusted keys.
>
> I already posted it two times:
>
> https://help.ubuntu.com/community/VerifyIsoHowto

Does this guarantee the iso is good if you live in a country where the
government may intercept your web access?  For example would it not be
possible to intercept access to the ubuntu keyserver and provide
fraudulent keys, matching those in the fraudulent iso file?

I am not suggesting that this is the case here, just asking the question.

Colin




More information about the ubuntu-users mailing list