[linux-elitists] Surveillance

Greg KH greg at kroah.com
Sun Sep 8 09:08:24 PDT 2013


On Sun, Sep 08, 2013 at 02:57:29PM +0200, Eugen Leitl wrote:
> On Sat, Sep 07, 2013 at 09:14:31PM -0700, Greg KH wrote:
> 
> > But what else needs to be worked on?  What gaps do people feel we have
> > that are cauing problems that we can solve with technological measures,
> > not just legal ones?
> 
> Real physical security and a process to keep signing secrets
> secure in community based Linux and *BSD distributions.

What are the problems in the existing processes that you feel are week?
For example, what is wrong with openSUSE's signing process that you feel
are wrong?

> Review of anything crypto based. Completely different process
> for anything crypto based than for everything else. No more 
> undetected regression meltdowns a la Debian.

What type of review?  What type of process would catch stuff like that?

thanks,

greg k-h


More information about the linux-elitists mailing list