[liberationtech] Any project missing on the updated map of a "GNU Internet" ?

[Lluís Batlle i Rossell]

On Mon, Oct 05, 2015 at 04:52:03PM +0200, carlo von lynX wrote:
> On Mon, Oct 05, 2015 at 04:17:05PM +0200, Lluís Batlle i Rossell wrote:
> > Well, we don't have build farms for ARM, so it is common for people to
> > build all there, for example. Following upstream means building more than
> > gentoo, because the dependencies are totally explicit at any point.
> 
> Oh, good to know. On the other hand it should be safe to randomly use
> prebuilt binaries because all binaries are reproducible, so a malevolent
> provider cannot know in advance which packages will be checked for
> reproducibility... yes?

Well, it is not so simple. Not all builds are binary-reproducible yet, but
that is a desired goal. Of course, the reproduceability can be checked by
anyone.

> > Maybe you could mention also somewhere that modern PGP thing (which is pgp at
> > the end): keybase.io. It just came to mind.
> 
> There are several stop-gap opportunistic approaches to key retrieval
> around.. pEp, LEAP. I think we should be leveraging the social graph
> for key acquisition instead, with a private distributed implementation
> like GNS for example. You use it like an address book and your social
> network guarantees that you picked the correct public key, without
> any state authority knowing anything.

I agree; i just mentioned these for the map.

As for key interchange, there is also SafeSlinger. Just for the
map.

-- 
(Escriu-me xifrat si saps PGP / Write ciphered if you know PGP)
PGP key D4831A8A - https://emailselfdefense.fsf.org/