I don't see that it follows that all nations will be automatically granted access, but the other part of the argument is convincing to me.
I absolutely disagree, real world compromises of build servers prove that. Red Hat have had to blacklist packages attackers have managed to sign before, e.g. https://www.redhat.com/security/data/openssh-blacklist.html …
I am positive that you can deploy insecure signing infrastructure; I am also positive it is possible to deploy more secure solutions too and that many do.
Hmmm. I think you might be flipping between build servers and signing servers as is convenient for your argument, but the reality is that a compromise of either is sufficient, no?