Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts

Colin Law clanlaw at gmail.com
Sun Aug 9 11:22:39 UTC 2015


On 9 August 2015 at 12:20,  <silver.bullet at zoho.com> wrote:
> On Sun, 9 Aug 2015 12:03:45 +0100, Colin Law wrote:
>>On 9 August 2015 at 11:53,  <silver.bullet at zoho.com> wrote:
>>> Note, there are two things you need to trust.
>>>
>>> 1. Do you trust an ISO signed by Donald Duck?
>>>
>>> Assuming you do, you need the public key of Donald Duck.
>>>
>>> 2. You need to trust that the key is really owned by Donald Duck.
>>>
>>> You can trust the key of Donald Duck if you got the key from him,
>>> instead of downloading it from a key server, or because you got a key
>>> from Daisy Duck and you trust Daisy Duck, while her key confirms that
>>> the key you own from Donald Duck is really the key from Donald Duck
>>> and not just a faked key owned by Gladstone Gander.
>>
>>Is that intended to be an answer to my question "So in practice how
>>would I actually go about verifying an Ubuntu ISO in a country where
>>all my web access may be intercepted and faked?"?
>
> No, I received it after I sent my reply. But indeed, it does answer
> this question.
>
>>You did not quote anything so I don't know.  If it is then I believe
>>you are saying that I cannot verify an Ubuntu ISO in such
>>circumstances unless I can get the key from another source, such as
>>physically smuggling it into the country, or from someone else that I
>>trust who has obtained it by a trusted route.  Is that your meaning?
>
> Yes, that's what I pointed out :).

Thanks.

Colin
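
The trust rule discussed in this thread, as an added Python example that is not part of the original messages: a key fetched from a key server is accepted only if its fingerprint was received directly from its owner or is certified by a key that is already authentic and whose owner is relied on as an introducer. The fingerprints, KEYSERVER, trusted_fingerprints and authentic_keys are hypothetical names and constructed values, and each certification pair is assumed to have had its signature checked already.

```python
from collections import deque

# Constructed 40-hex-digit fingerprints, for illustration only.
DAISY = "DA15" * 10
DONALD = "D0" * 20
GLADSTONE = "61" * 20
FAKE = "FA" * 20  # key made by Gladstone Gander that claims Donald's name

# What a key server (or an intercepted download) can return.
# The name on a key is self-asserted, so both entries look alike.
KEYSERVER = [(DONALD, "Donald Duck"), (FAKE, "Donald Duck")]


def trusted_fingerprints(direct, certifications, introducers):
    """Return the fingerprints accepted as authentic.

    direct: fingerprints obtained from the owners by a trusted route.
    certifications: (signer_fpr, subject_fpr) pairs; assumed already
        verified cryptographically against the signer's key.
    introducers: fingerprints whose owners we rely on to vouch for others.
    """
    trusted = set(direct)
    queue = deque(trusted)
    while queue:
        signer = queue.popleft()
        if signer not in introducers:
            continue  # authentic key, but its owner does not vouch for us
        for cert_signer, subject in certifications:
            if cert_signer == signer and subject not in trusted:
                trusted.add(subject)
                queue.append(subject)
    return trusted


def authentic_keys(name, keyserver, direct, certifications, introducers):
    """Key-server entries for `name` whose fingerprint has a trust path."""
    ok = trusted_fingerprints(direct, certifications, introducers)
    return [fpr for fpr, uid in keyserver if uid == name and fpr in ok]
```

With no directly obtained key the result is empty, which is the situation in the question: nothing downloaded over an intercepted connection can bootstrap trust by itself.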



