Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts
Colin Law
clanlaw at gmail.com
Sun Aug 9 11:03:45 UTC 2015
On 9 August 2015 at 11:53, <silver.bullet at zoho.com> wrote:
> Note, there are two things you need to trust.
>
> 1. Do you trust an ISO signed by Donald Duck?
>
> Assuming you do, you need the public key of Donald Duck.
>
> 2. You need to trust that the key is really owned by Donald Duck.
>
> You can trust the key of Donald Duck if you got the key from him,
> instead of downloading it from a key server, or because you got a key
> from Daisy Duck and you trust Daisy Duck, while her key confirms that
> the key you own from Donald Duck is really the key from Donald Duck and
> not just a faked key owned by Gladstone Gander.

Is that intended to be an answer to my question "So in practice how
would I actually go about verifying an Ubuntu ISO in a country where
all my web access may be intercepted and faked?"? You did not quote
anything so I don't know. If it is then I believe you are saying that
I cannot verify an Ubuntu ISO in such circumstances unless I can get
the key from another source, such as physically smuggling it into the
country, or from someone else that I trust who has obtained it by a
trusted route. Is that your meaning?

Colin
More information about the ubuntu-users
mailing list
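
The two trust routes described in the quoted text (a key checked directly with its owner, or a key certified by someone you already trust), as an added example that is not part of the original thread. It is a simplified model, not GnuPG's implementation: the key labels, the `max_depth` limit and the function names are assumptions, and every certification in `CERTS` is assumed to have already passed cryptographic signature verification.

```python
from collections import deque

def valid_keys(verified, introducers, certs, max_depth=5):
    """Return {key: chain_length} for every key considered valid.

    verified    -- keys whose fingerprint you checked with the owner directly
    introducers -- keys whose owners you trust to certify other people's keys
    certs       -- set of (signer, subject) certifications found on the keys
    max_depth   -- longest certification chain accepted (assumed limit)
    """
    valid = {key: 0 for key in verified}
    queue = deque(verified)
    while queue:
        signer = queue.popleft()
        # Only a valid key of a trusted introducer may vouch for other keys.
        if signer not in introducers or valid[signer] >= max_depth:
            continue
        for cert_signer, subject in certs:
            if cert_signer == signer and subject not in valid:
                valid[subject] = valid[signer] + 1
                queue.append(subject)
    return valid

def accept_iso(signing_key, verified, introducers, certs):
    """Accept an ISO signature only if the signing key is valid for us."""
    return signing_key in valid_keys(verified, introducers, certs)

# Constructed sample data: two keys both claim the name "Donald Duck".
CERTS = {
    ("daisy", "donald"),                  # Daisy certified Donald's real key
    ("gladstone", "gladstone-as-donald"), # Gladstone certified his own fake
}

if __name__ == "__main__":
    # Daisy's key was checked in person and she is a trusted introducer.
    print(accept_iso("donald", {"daisy"}, {"daisy"}, CERTS))
    print(accept_iso("gladstone-as-donald", {"daisy"}, {"daisy"}, CERTS))
    # No key obtained over a trusted route: nothing can be validated.
    print(accept_iso("donald", set(), {"daisy"}, CERTS))
```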