Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Any project missing on the updated map of a "GNU Internet" ?

Lluís Batlle i Rossell viric at viric.name
Mon Oct 5 08:33:53 PDT 2015


On Mon, Oct 05, 2015 at 04:52:03PM +0200, carlo von lynX wrote:
> On Mon, Oct 05, 2015 at 04:17:05PM +0200, Lluís Batlle i Rossell wrote:
> > Well, we don't have build farms for ARM, so it is common for people to
> > build all there, for example. Following upstream means building more than
> > gentoo, because the dependencies are totally explicit at any point.
> 
> Oh, good to know. On the other hand it should be safe to randomly use
> prebuilt binaries because all binaries are reproducible, so a malevolent
> provider cannot know in advance which packages will be checked for
> reproducibility... yes?

Well, it is not so simple. Not all builds are binary-reproducible yet, but
that is a desired goal. Of course, the reproduceability can be checked by
anyone.

> > Maybe you could mention also somewhere that modern PGP thing (which is pgp at
> > the end): keybase.io. It just came to mind.
> 
> There are several stop-gap opportunistic approaches to key retrieval
> around.. pEp, LEAP. I think we should be leveraging the social graph
> for key acquisition instead, with a private distributed implementation
> like GNS for example. You use it like an address book and your social
> network guarantees that you picked the correct public key, without
> any state authority knowing anything.

I agree; i just mentioned these for the map.

As for key interchange, there is also SafeSlinger. Just for the
map.

-- 
(Escriu-me xifrat si saps PGP / Write ciphered if you know PGP)
PGP key D4831A8A - https://emailselfdefense.fsf.org/



More information about the liberationtech mailing list