X-Authentication-Warning:	delorie.com: mail set sender to geda-user-bounces using -f
X-Recipient:	geda-user AT delorie DOT com
Date:	Sat, 14 Aug 2021 08:19:21 +0000
From:	"Branko Badrljica (brankob AT s5tehnika DOT net) [via geda-user AT delorie DOT com]" <geda-user AT delorie DOT com>
To:	geda-user AT delorie DOT com
Subject:	Re: [geda-user] geda and pcb git repos inaccessible ?
Message-ID:	<20210814081921.36041abe@(none)brane_wrks>
In-Reply-To:	<CAHUm0tOAtfH-8pUu3RYoxFHKM=p1qBCXn9tfwy4aTxux6e6M6g@mail.gmail.com>
References:	<20210813015127 DOT 43f5c7cd AT brane_wrks>
	<xnh7fuds0u DOT fsf AT envy DOT delorie DOT com>
	<6115ecdb DOT 1c69fb81 DOT ee1b6 DOT 51cfSMTPIN_ADDED_BROKEN AT mx DOT google DOT com>
	<CAJZxidBFpXjWSjWRdo71W7hM--naM9ohBo+-p_EY+rpddcWUMA AT mail DOT gmail DOT com>
	<61171bcb DOT 1c69fb81 DOT a7fc2 DOT 9206SMTPIN_ADDED_BROKEN AT mx DOT google DOT com>
	<CAHUm0tOAtfH-8pUu3RYoxFHKM=p1qBCXn9tfwy4aTxux6e6M6g AT mail DOT gmail DOT com>
Organization:	S5
X-Mailer:	Claws Mail 4.0.0 (GTK+ 3.24.29; x86_64-pc-linux-gnu)
MIME-Version:	1.0
Reply-To:	geda-user AT delorie DOT com
Errors-To:	nobody AT delorie DOT com
X-Mailing-List:	geda-user AT delorie DOT com
X-Unsubscribes-To:	listserv AT delorie DOT com

And I believe you by default.
There seems to be something special about you...
;o)

On Sat, 14 Aug 2021 14:04:38 +0930
"Erich Heinzle (a1039181 AT gmail DOT com) [via geda-user AT delorie DOT com]"
<geda-user AT delorie DOT com> wrote:

> this is why I always use SVN for pcb-rnd
> 
> ;-)
> 
> Erich
> 
> On Sat, 14 Aug 2021 10:56 Branko Badrljica (brankob AT s5tehnika DOT net)
> [via geda-user AT delorie DOT com], <geda-user AT delorie DOT com> wrote:
> 
> > On Fri, 13 Aug 2021 10:59:29 -0400
> > "Chad Parker (parker DOT charles AT gmail DOT com) [via geda-user AT delorie DOT com]"
> > <geda-user AT delorie DOT com> wrote:
> >
> > > If you're concerned about maintaining the integrity of the source
> > > code as you download it, git makes it easy to compute and compare
> > > the hashes of your source tree with that of the server's.
> >
> > Git wasn't made with great securtiy in mind. Yes, it has hashes, but
> > those were broken. There was a case of good attempt of source
> > insertion in Linux kernel. Had it gone unnoticed, that source plant
> > would have a HUGE/GLOBAL muultiplicative effect. Everyone bases
> > their kernel on www.kernel.org.
> >
> > It took them ages to change the hash and even curernt version isn't
> > anything to write home about. And there probably are plenty of other
> > vulnerabilities and concerns.
> > I have nothing against git, but it isn't a tool for ensuring safety
> > or confidenitality or privacy  as its priority.
> >
> > Use tool for the job. Users expect to be able to go about their
> > business without EVERYONE along the way taking notes of that.
> >
> > That is, unless you happen to have other instructions - to keep it
> > open.
> >
> > After all, geda/PCB do get used by interesting crowd that
> > Surveillance State has to keep their eye on.
> > But as I said, that would make you guys (not that well) hidden
> > participants.
> >
> > >
> > > If you don't trust the developers... well, there's nothing I can
> > > really do about that, other than to say that none of us are
> > > interested in gaining root access to any of your computing
> > > devices or networks. You can believe me or not. That's up to you.
> >
> > I trust no one completely, much less usual strangers that I never
> > met. Which is probagbly around baseline standard - nothing
> > especially paranoic.
> >
> > WRT trust to the state- we obviously already have installed
> > omnipresewnt surveillance system that scores behavioural patterns of
> > EVERY CITIZZEN in REAL TIME ( automatedly):
> >
> >
> > https://www.reddit.com/r/conspiracy/comments/p3ja8j/personal_score_point_system_of_the_global/
> >
> >
> > and we have fresh things like "The Secrets Act" that will enable The
> > State to basically lock out ANYONE with an "inconvenient truth".
> > And the first batch of freshly jailed people is already being
> > prepared. And big platforms are trying to hide "The Secrets Act" in
> > their new usage rules:
> >
> >
> > https://www.reddit.com/r/conspiracy/comments/p3j13e/newest_changes_in_privacy_policies_and_forum/
> >
> >
> >
> >
> >
> > >
> > > Does this mean that there are zero security flaws? No. I don't
> > > think any of us are computer security professionals. We're mostly
> > > just engineers that enjoy coding. So, we do our best. If you find
> > > some issues, we'd welcome you pointing them out, or even better,
> > > providing a patch that fixes them.
> > >
> > > --Chad
> > >
> > >
> > > On Thu, Aug 12, 2021 at 11:54 PM Branko Badrljica
> > > (brankob AT s5tehnika DOT net) [via geda-user AT delorie DOT com]
> > > <geda-user AT delorie DOT com> wrote:
> > >
> > > > On Thu, 12 Aug 2021 21:58:57 -0400
> > > > DJ Delorie <dj AT delorie DOT com> wrote:
> > > >
> > > >
> > > > > You are an overly paranoid individual...
> > > >
> > > > Couple more things:
> > > >
> > > > 1. One of the methods of breaching the machies are timing
> > > > attacks and usual excplouts over networks. They breach your
> > > > server through a service and get to own it.
> > > >
> > > > 2. Servers as yours have high "multiplicative effects". Your
> > > > server can fruther the attack on any client that connects to
> > > > git repo and thus infect their machines through similar or very
> > > > same attack vector.
> > > >
> > > > 3. World is full of intertwined human swarm, engaged in a war.
> > > > This kind of stance exposes you and might make you seem as a
> > > > prticipant and thus a target. Norm for the git is https
> > > > transfers everywhere outside controlled internal LAN.
> > > > You are sticking out of the norm. If anyone
> > > > gets suspicious, you could be on shortlist of hostile
> > > > "suspects". Swarms aren't known for lengthy legal processes,
> > > > evidence collecting, "innocent until proven guilty" etcetc.
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> >

- Raw text -