[tahoe-dev] Live Distribution with compiled Tahoe-Lafs

rvny at mail.ru rvny at mail.ru
Fri Dec 9 05:48:32 UTC 2011


Hello
You can clone my publish version from suse studio and check what's is rpm installed and uploaded from OpenSuse
What's files are added.

I Say what I not release only ready (compiled version), I publish project for cloning and manage for all users

May be you add MD5sum and Sha256 (SuseStudio print his)? Suse Studio locked published software and can't add modify then project is present on SuseGallery. I can add only new version
--


08 декабря 2011, 23:47 от "Zooko O'Whielacronx" <zooko at zooko.com>:
> Hello again, Renat.
> 
> I believe we have exchanged messages before on this mailing list about
> your OpenSuse-based Live CD.
> 
> I've just added your OpenSuse-based Live CD to this page:
> https://tahoe-lafs.org/trac/tahoe-lafs/wiki/OSPackages . Feel free to
> update that row.
> 
> One concern I have about Live CDs, and indeed about *all* packages of
> Tahoe-LAFS, is if the end user would be able to verify exactly what
> software they were running and if there was a backdoor or security
> flaw in it.
> 
> I see that susestudio.com has a declaration on it:
> 
> http://susestudio.com/a/FOqCQ8/tahoe-lafs-renats-suse-121
> 
> It says:
> 
> Security summary
> 
> [✓] Only official software sources are included.
> [✓] No custom software packages were uploaded.
> [ ] Overlay files were uploaded, but none are executable.
> [✓] No custom scripts were enabled.
> 
> That's a nice step to display that information, but what if that
> statement is wrong? What if the resulting Live CD actually has a
> backdoor installed on it? How could the user detect that?
> 
> This isn't a problem specific to Renat's Live CD. Every packaging of
> Tahoe-LAFS shown on
> http://tahoe-lafs.org/trac/tahoe-lafs/wiki/OSPackages should be
> critically considered with the same question in mind. Those operating
> systems use various techniques in the attempt to let people audit or
> verify their contents.
> 
> Regards,
> 
> Zooko
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
> 
> 


More information about the tahoe-dev mailing list