Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] secure download tool - doesn't exist?!?

Eleanor Saitta ella at dymaxion.org
Mon Jul 1 14:01:35 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2013.07.01 12.19, adrelanos wrote:
> - you still have to tell the user "you must download tool X before
> you can download Y"

This, of course, is a global problem everywhere.  A secure channel
requires a shared secret, in this case between the developers and the
end user.  How does the user get their initial OS image if it didn't
come with their machine or they didn't buy it in a brick and mortar
store (both hard for FLOSS).  Solutions in the non-general case are
nice, but we should also remember that we have no general case
solution either.

(Likewise for firmware, but that's much worse)

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iF4EAREIAAYFAlHR7i8ACgkQQwkE2RkM0wq/RgD+MMJ/9eXI2byOijdvuhliXPWc
7SR2Txav51dJ8P74smsA/jNZaidqpkxTI2wkXjJMbnU4S+ZLBH1G3GGivXHYXcsO
=txp0
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list