Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts
Colin Law
clanlaw at gmail.com
Sun Aug 9 11:20:32 UTC 2015
On 9 August 2015 at 12:12, <silver.bullet at zoho.com> wrote:
> On Sun, 9 Aug 2015 11:53:54 +0100, Colin Law wrote:
>>So in practice how would I actually go about verifying an Ubuntu ISO
>>in a country where all my web access may be intercepted and faked?
>
> See my Donald Duck mails.
>
> You need to know somebody you trust and you need to be sure that you
> really own a key of this person or duck. With such a key you could
> verify other keys and there might be a chain of trust including the key
> of Donald Duck.
>
> You can't get such a key by Internet access, you neither can download
> a friend or something to eat, nor the air you breathe.
>
> You don't get friends, something to eat, the air you breathe and a
> key you trust, that can be used to validate other keys, not by
> downloads.
I begin to think you are a politician as I cannot get a simple yes/no answer :)
I asked
"I believe you are saying that
I cannot verify an Ubuntu ISO in such circumstances unless I can get
the key from another source, such as physically smuggling it into the
country, or from someone else that I trust who has obtained it by a
trusted route. Is that your meaning?"
I think your answer to that is "Yes". Is that correct?
Colin
More information about the ubuntu-users
mailing list