Re: Why are in-person meetings required for the debian keyring?

To: debian-project@lists.debian.org
Subject: Re: Why are in-person meetings required for the debian keyring?
From: Nikolaus Rath <Nikolaus@rath.org>
Date: Thu, 12 Feb 2015 12:31:55 -0800
Message-id: <[🔎] 87fvaa7txg.fsf@thinkpad.rath.org>
Mail-followup-to: debian-project@lists.debian.org
References: <[🔎] 87r3twgsvb.fsf@thinkpad.rath.org> <[🔎] 0000014b7a8b3b86-34c1547c-c3bb-4d4c-8241-c782ef02d3fd-000000@email.amazonses.com> <[🔎] 87k2znqcgy.fsf@thinkpad.rath.org>

Nikolaus Rath <Nikolaus@rath.org> writes:
> I think that's a pretty weak argument. Even if you assume that a
> theoretical perpetrator originally joined Debian with good intentions
> (i.e., without using a faked id in the first place), and that you are
> actually able to sue in the relevant country, you'd still have a very
> hard time proving any malicious intention (the developer may just not
> have noticed the compromising code).

This seems like a good opportunity to point to
http://underhanded.xcott.com/ for some really great examples of how to
introduce a backdoor with plausible deniability.

Best,
-Nikolaus

-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«

Reply to:

References:
- Why are in-person meetings required for the debian keyring?
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Sam Hartman <hartmans@debian.org>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Nikolaus Rath <Nikolaus@rath.org>

Prev by Date: Re: Why are in-person meetings required for the debian keyring?
Next by Date: What do you expect from the DPL?
Previous by thread: Re: Why are in-person meetings required for the debian keyring?
Next by thread: Re: Why are in-person meetings required for the debian keyring?
Index(es):
- Date
- Thread