Re: Secrecy and user trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
Subject: Re: Secrecy and user trust
From: Ed Greshko <Ed.Greshko@xxxxxxxxxxx>
Date: Mon, 08 Sep 2008 08:43:01 +0800
In-reply-to: <48C47154.40001@xxxxxxx>
References: <48BD6B95.9030401@xxxxxxx> <544eb990809020927i313cba2bnf449e6737e67728e@xxxxxxxxxxxxxx> <48BD6CE5.3060303@xxxxxxxxx> <544eb990809020951o5270a862n461d2fb4f5c78f27@xxxxxxxxxxxxxx> <48BD7C8E.9050505@xxxxxxx> <20080902135544.4sgel1t94c0sco84-zeznkk@xxxxxxxxxxxxxxxxxxx> <48BDA778.3020002@xxxxxxxxx> <20080902210444.GE3924@xxxxxxxxxxxxxxxxxxxxx> <g9m66m$mae$1@xxxxxxxxxxxxx> <1220467367.10774.12.camel@xxxxxxxxxxxxxxxxxx> <48BF593E.8050105@xxxxxxx> <1220534670.15676.24.camel@xxxxxxxxxxxxxxxxxx> <48BFFAEC.6090600@xxxxxxxxxxx> <1220542196.15676.33.camel@xxxxxxxxxxxxxxxxxx> <48C07722.3080401@xxxxxxxxxxx> <48C13C4F.3040301@xxxxxxx> <48C161C2.2030307@xxxxxxxxxxx> <48C2EB90.9040009@xxxxxxx> <48C38612.30805@xxxxxxxxxxx> <48C4419F.8080307@xxxxxxxxx> <48C45D46.6010201@xxxxxxxxxxx> <48C45EAF.3010003@xxxxxxxxxxx> <48C47154.40001@xxxxxxx>
Reply-to: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080421 Lightning/0.8 Thunderbird/2.0.0.14 Mnenhy/0.7.5.666

Bill Davidsen wrote:


>
>>
>> If the public/private key methods employed today are as easy to
>> penetrate and subvert as some seem to be claiming then one has to
>> question why  it hasn't already been done.
>>
> It has already been proved to be possible, so discussion of how easy
> it is or way is irrelevant, at least to me.
???  It has?  So, what was done?  Was the signing key of Fedora
compromised?  Was a replacement key public key generated and
distributed?  Were packages signed by the replacement key distributed? 

What was "proven".

>
> The new public key could be distributed from the master Red Hat
> servers, not from mirrors, which would allow validation of the content
> by the validity of the SSL certificate. Once a trusted signature is
> available, all other packages, from mirror or torrent, could be
> properly validated.
"Could"...how?
>
> While this is inconvenient, it is also as secure as the original, and
> not readily vulnerable to attacks in the distribution, since middlemen
> are not involved. And once the key is out for a few days, and many
> users have it and can quickly compare it to any other key distributed
> by other means, then it can be sent out in a more convenient manner if
> people really feel the need to trade some security for ease of use.
>
A whole bunch of people are wringing their hands over nothing.  I
suppose if you want to continue doing that that is your choice. 

The strange things is that none of this would have come up if the
servers of Fedora hadn't been penetrated by some method which nobody on
this list is privy to...but can spend endless hours on idle speculation
and fear mongering. 

[WOT comment] I suspect that those fear peddlers, if located in the US,
will also be voting for the Republican candidate.  :-)

-- 
Some people's mouths work faster than their brains. They say things they
haven't even thought of yet.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Follow-Ups:
- Re: Secrecy and user trust
  - From: Bill Davidsen

References:
- Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Bill Crawford
- Re: Secrecy and user trust
  - From: Les Mikesell
- Re: Secrecy and user trust
  - From: Bill Crawford
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: John Aldrich
- Re: Secrecy and user trust
  - From: Travis Arnold
- Re: Secrecy and user trust
  - From: Anders Karlsson
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Patrick O'Callaghan
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Patrick O'Callaghan
- Re: Secrecy and user trust
  - From: Ed Greshko
- Re: Secrecy and user trust
  - From: Patrick O'Callaghan
- Re: Secrecy and user trust
  - From: Ed Greshko
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Ed Greshko
- Re: Secrecy and user trust
  - From: Bill Davidsen
- Re: Secrecy and user trust
  - From: Ed Greshko
- Re: Secrecy and user trust
  - From: Les Mikesell
- Re: Secrecy and user trust
  - From: Ed Greshko
- Re: Secrecy and user trust
  - From: Ed Greshko
- Re: Secrecy and user trust
  - From: Bill Davidsen

Prev by Date: Re: Secrecy and user trust
Next by Date: Re: service; ps & grep help
Previous by thread: Re: Secrecy and user trust
Next by thread: Re: Secrecy and user trust
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux