Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts
silver.bullet at zoho.com
silver.bullet at zoho.com
Sun Aug 9 11:57:18 UTC 2015
On Sun, 9 Aug 2015 12:20:32 +0100, Colin Law wrote:
>I begin to think you are a politician as I cannot get a simple yes/no
>answer :) I asked
It's because we reply to the mail of the other at the same time. We
reply to older mails.
The problem is the nature of "trust".
In the end it's a philosophical question, that can't be answered by a
simple yes or no.
From a technically point of view, it's already harder for a government
to redirect to faked ISO and checksum download sites and at the same
time to redirect every possibility to share a valid public key.
They need to redirect all key servers, they even need to redirect to a
faked, edited mailing list archive without to much delay.
With this mail to the list, I could post a good public key, somebody
else could provide a good public key to validate other public keys in a
different way somewhere else. The government needs to get control about
the whole Internet. This is impossible!
No government has absolutely control over the Internet!
OTOH while you most likely could find a way to validate ownership of
public keys, there's most likely no a way to trust everything provided
by Ubuntu, even if you should trust the Canonical owner and all package
maintainers. They can't verify the complete source code they use to
provide their packages.
In the end you need to trust the community, other humans, yourself.
More information about the ubuntu-users
mailing list