Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 Apr 2013 10:25:04 +0200
From: Dag-Erling Smørgrav <>
Cc:,  Alistair Crooks <>,  Josh Bressers <>
Subject: Re: upstream source code authenticity checking

Kurt Seifried <> writes:
> This makes no sense. So you don't trust their signature because they
> have to "earn trust", but you do trust their software and you compile
> and run it? That's literally insane.

This is exactly the logic used by web browsers to justify scaring users
away from https sites that haven't payed the Verisign tax...

Dag-Erling Smørgrav -

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.