Date: Sat, 14 Aug 2021 08:19:21 +0000
From: "Branko Badrljica (brankob AT s5tehnika DOT net) [via geda-user AT delorie DOT com]"
To: geda-user AT delorie DOT com
Subject: Re: [geda-user] geda and pcb git repos inaccessible ?
Message-ID: <20210814081921.36041abe@(none)brane_wrks>
Organization: S5

And I believe you by default.
There seems to be something special about you... ;o)

On Sat, 14 Aug 2021 14:04:38 +0930
"Erich Heinzle (a1039181 AT gmail DOT com) [via geda-user AT delorie DOT com]" wrote:

> this is why I always use SVN for pcb-rnd
>
> ;-)
>
> Erich
>
> On Sat, 14 Aug 2021 10:56 Branko Badrljica (brankob AT s5tehnika DOT net)
> [via geda-user AT delorie DOT com], wrote:
>
> > On Fri, 13 Aug 2021 10:59:29 -0400
> > "Chad Parker (parker DOT charles AT gmail DOT com) [via geda-user AT delorie DOT com]"
> > wrote:
> >
> > > If you're concerned about maintaining the integrity of the source
> > > code as you download it, git makes it easy to compute and compare
> > > the hashes of your source tree with that of the server's.
> >
> > Git wasn't made with great security in mind. Yes, it has hashes, but
> > those were broken. There was a case of good attempt of source
> > insertion in Linux kernel. Had it gone unnoticed, that source plant
> > would have a HUGE/GLOBAL multiplicative effect. Everyone bases
> > their kernel on www.kernel.org.
> >
> > It took them ages to change the hash and even current version isn't
> > anything to write home about. And there probably are plenty of other
> > vulnerabilities and concerns.
> > I have nothing against git, but it isn't a tool for ensuring safety
> > or confidentiality or privacy as its priority.
> >
> > Use tool for the job. Users expect to be able to go about their
> > business without EVERYONE along the way taking notes of that.
> >
> > That is, unless you happen to have other instructions - to keep it
> > open.
> >
> > After all, geda/PCB do get used by interesting crowd that
> > Surveillance State has to keep their eye on.
> > But as I said, that would make you guys (not that well) hidden
> > participants.
> >
> > > If you don't trust the developers... well, there's nothing I can
> > > really do about that, other than to say that none of us are
> > > interested in gaining root access to any of your computing
> > > devices or networks. You can believe me or not. That's up to you.
> >
> > I trust no one completely, much less usual strangers that I never
> > met. Which is probably around baseline standard - nothing
> > especially paranoiac.
> >
> > WRT trust to the state- we obviously already have installed
> > omnipresent surveillance system that scores behavioural patterns of
> > EVERY CITIZEN in REAL TIME (automatedly):
> >
> > https://www.reddit.com/r/conspiracy/comments/p3ja8j/personal_score_point_system_of_the_global/
> >
> > and we have fresh things like "The Secrets Act" that will enable The
> > State to basically lock out ANYONE with an "inconvenient truth".
> > And the first batch of freshly jailed people is already being
> > prepared. And big platforms are trying to hide "The Secrets Act" in
> > their new usage rules:
> >
> > https://www.reddit.com/r/conspiracy/comments/p3j13e/newest_changes_in_privacy_policies_and_forum/
> >
> > > Does this mean that there are zero security flaws? No. I don't
> > > think any of us are computer security professionals. We're mostly
> > > just engineers that enjoy coding. So, we do our best. If you find
> > > some issues, we'd welcome you pointing them out, or even better,
> > > providing a patch that fixes them.
> > >
> > > --Chad
> > >
> > >
> > > On Thu, Aug 12, 2021 at 11:54 PM Branko Badrljica
> > > (brankob AT s5tehnika DOT net) [via geda-user AT delorie DOT com]
> > > wrote:
> > >
> > > > On Thu, 12 Aug 2021 21:58:57 -0400
> > > > DJ Delorie wrote:
> > > >
> > > > > You are an overly paranoid individual...
> > > >
> > > > Couple more things:
> > > >
> > > > 1. One of the methods of breaching the machines are timing
> > > > attacks and usual exploits over networks. They breach your
> > > > server through a service and get to own it.
> > > >
> > > > 2. Servers as yours have high "multiplicative effects". Your
> > > > server can further the attack on any client that connects to
> > > > git repo and thus infect their machines through similar or very
> > > > same attack vector.
> > > >
> > > > 3. World is full of intertwined human swarm, engaged in a war.
> > > > This kind of stance exposes you and might make you seem as a
> > > > participant and thus a target. Norm for the git is https
> > > > transfers everywhere outside controlled internal LAN.
> > > > You are sticking out of the norm. If anyone
> > > > gets suspicious, you could be on shortlist of hostile
> > > > "suspects". Swarms aren't known for lengthy legal processes,
> > > > evidence collecting, "innocent until proven guilty" etc. etc.