[liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
Jonathan Wilkes
jancsika at yahoo.com
Wed Jun 12 12:03:33 PDT 2013
________________________________
>From: micah <micah at riseup.net>
>To: Andy Isaacson <adi at hexapodia.org>; liberationtech <liberationtech at lists.stanford.edu>
>Sent: Wednesday, June 12, 2013 11:54 AM
>Subject: Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain
>Andy Isaacson <adi at hexapodia.org> writes:
>> I use gnupg daily.
>So do I, and you might too, and do not realize it! If you use Debian, a
>Debian derivative (like Ubuntu), you use this stuff all the time, and
>don't even have to think about it.
>>> I do not consider the tools easy to use at all ...
>When you talk about how hard this stuff is, and how unusable it is,
>don't forget that there are cases where it is so easy and usable that
>you are not even aware of it.
Don't forget, however, that both users and devs of Debian can essentially
ignore the finer details of GPG because of the way the Debian community
itself operates.
Because freely available, freely auditable software is the product around
which the community is based, and because the Debian community itself
is made up of an unusually (uniquely?) high proportion of software mavens,
GPG web of trust can be leveraged to lower the cost of maintaining a
decentralized repository for the code/binaries. If shenanigans happen,
the result (if any) will be evident in changed code/binary, which has a
history and can be changed back; moreover, since the entire community
is highly educated, even the laziest dev will quickly get up to speed if his/her
key turns out to be comprimised.
If we're going to refer to Debian in this context, it should
be as shining example of what can be achieved when there's a critical
mass of community members who know what their strengths are and
use them to make a system better than it was when they found it, and
give those improvements freely to everyone. If you remove "free
software" as the core goal and replace it with "Bitcoin OTC",
"community credits" or even "free software equivalent of Facebook's
Like button", then you must reassess every single benefit that
web of trust has in Debian. (E.g., there's no risk of "credit default swaps"
with free software.)
-Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130612/99baead0/attachment.html>
More information about the liberationtech
mailing list