Singapore Government Hackers Love to Hack Teo En Ming's Computers, Smartphones, and Internet Online Accounts
Colin Law
clanlaw at gmail.com
Sun Aug 9 12:20:14 UTC 2015
On 9 August 2015 at 12:57, <silver.bullet at zoho.com> wrote:
> On Sun, 9 Aug 2015 12:20:32 +0100, Colin Law wrote:
>>I begin to think you are a politician as I cannot get a simple yes/no
>>answer :) I asked
>
> It's because we reply to the mail of the other at the same time. We
> reply to older mails.
Yes, you are right. Sorry.
>
> The problem is the nature of "trust".
>
> In the end it's a philosophical question, that can't be answered by a
> simple yes or no.
>
> From a technically point of view, it's already harder for a government
> to redirect to faked ISO and checksum download sites and at the same
> time to redirect every possibility to share a valid public key.
>
> They need to redirect all key servers, they even need to redirect to a
> faked, edited mailing list archive without to much delay.
>
> With this mail to the list, I could post a good public key, somebody
> else could provide a good public key to validate other public keys in a
> different way somewhere else. The government needs to get control about
> the whole Internet. This is impossible!
>
> No government has absolutely control over the Internet!
> OTOH while you most likely could find a way to validate ownership of
> public keys, there's most likely no a way to trust everything provided
> by Ubuntu, even if you should trust the Canonical owner and all package
> maintainers. They can't verify the complete source code they use to
> provide their packages.
>
> In the end you need to trust the community, other humans, yourself.
Understood. Thanks.
Colin
More information about the ubuntu-users
mailing list