gnu-linux-libre
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Help users to verify their downloads

From: bill-auger
Subject: Re: [GNU-linux-libre] Help users to verify their downloads
Date: Mon, 25 Jun 2018 07:15:21 -0400 
On Mon, 2018-06-25 at 11:33 +0200, Jean Louis wrote:
> If users don't know how to verify PGP fingerprints
> with the issues of the PGP key, and it is anyway
> unlikely that any serious percentage would be
> doing so, then we are wasting time by creating
> apparent security.

it is why package managers such as apt and pacman run the verifications
implicitly so that the user does not need to know how it is done - i think this
discussion was prompted more in terms of downloading ISOs and installers - to
this ill add to that the parabola ISO can actually be made by any user of a
parabola system - one simply installs the 'parabolaiso' package and runs a
single command to generate a pristine ISO

of course you need an existing arch or parabola system to bootstrap this but
perhaps your neighbor has one but this ties Jean's reply into the one i posted a
few days ago showing that a community user-base can itself be a security feature
as long as someone in the community can advise and assist others and those
others know where to ask

the guix "blob-challenge" is another example of this

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to
[Prev in Thread] Current Thread [Next in Thread]