X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f X-Recipient: geda-user AT delorie DOT com Date: Fri, 13 Aug 2021 02:51:09 +0000 From: "Branko Badrljica (brankob AT s5tehnika DOT net) [via geda-user AT delorie DOT com]" To: geda-user AT delorie DOT com Subject: Re: [geda-user] geda and pcb git repos inaccessible ? Message-ID: <20210813025109.049721d8@(none)brane_wrks> In-Reply-To: References: <20210813015127 DOT 43f5c7cd AT brane_wrks> Organization: S5 X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.29; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Reply-To: geda-user AT delorie DOT com Errors-To: nobody AT delorie DOT com X-Mailing-List: geda-user AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk On Thu, 12 Aug 2021 21:58:57 -0400 DJ Delorie wrote: > "Branko Badrljica (brankob AT s5tehnika DOT net) [via geda-user AT delorie DOT com]" > writes: > > Sorry for making you repeat yourself, but at the risk of furthering > > that transgression, how is the user supposed to check integrity of > > their copies ? > > It's source code. You read it. So, when automated tool inserts a few files and make a little extra addon that installs a rootkit first time I run pcb, I am supposed to eyeball-grep that ? Every time I want to update the program ? > > > ALL data is routinely intercepted and often changed in flight. > > All done routinely and automated. > > You are an overly paranoid individual... I've seen JS in firefox break through its VM and installing a rootkit. On a decent, hardened (ASLR, SSP etc on whoole system), with SELinux active AND firefox running in firejail. All with help from main social platforms ( that deliver "enriched" JS) and utomated to a level that clearly shows government suport across 14_EYES members area at least. Sorrry to say that and I don't really like all that much all that -ng stuff in alternate fork, but you do seem to be making a case for a switch...