From mboxrd@z Thu Jan  1 00:00:00 1970
From: Achim Gratz <Stromeko@nexgo.de>
Subject: Re: Why no secure code retrieval
Date: Sun, 03 Jul 2016 20:25:16 +0200
Message-ID: <87mvlymveb.fsf@Rainer.invalid>
References: <CAH+LVpme=JLA12+dWMjBsm+47niRJZFLvfmtJQ12NhPvOS8sUA@mail.gmail.com>
	<87mvm4sewl.fsf@systemreboot.net> <87y45m28vp.fsf@saiph.selenimh>
	<87lh1k5dj1.fsf@free.fr>
	<20160702165130.GA1401@scamper2.bantercat.co.uk>
	<87eg7bnqob.fsf@free.fr> <m3eg7a1wxm.fsf@alum.mit.edu>
	<CAH+LVpmmOLqpoYe5D9X01TBGbeUhooafKdZry76Ufv==ZdB0_A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54838)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <geo-emacs-orgmode@m.gmane.org>) id 1bJm5F-0005Ht-8f
	for emacs-orgmode@gnu.org; Sun, 03 Jul 2016 14:25:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <geo-emacs-orgmode@m.gmane.org>) id 1bJm5A-0004cb-Pf
	for emacs-orgmode@gnu.org; Sun, 03 Jul 2016 14:25:32 -0400
Received: from plane.gmane.org ([80.91.229.3]:41830)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <geo-emacs-orgmode@m.gmane.org>) id 1bJm5A-0004cV-BP
	for emacs-orgmode@gnu.org; Sun, 03 Jul 2016 14:25:28 -0400
Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <geo-emacs-orgmode@m.gmane.org>) id 1bJm57-00027l-Pu
	for emacs-orgmode@gnu.org; Sun, 03 Jul 2016 20:25:25 +0200
Received: from p54b478af.dip0.t-ipconnect.de ([84.180.120.175])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-orgmode@gnu.org>; Sun, 03 Jul 2016 20:25:25 +0200
Received: from Stromeko by p54b478af.dip0.t-ipconnect.de with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <emacs-orgmode@gnu.org>; Sun, 03 Jul 2016 20:25:25 +0200
List-Id: "General discussions about Org-mode." <emacs-orgmode.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-orgmode/>
List-Post: <mailto:emacs-orgmode@gnu.org>
List-Help: <mailto:emacs-orgmode-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=subscribe>
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Sender: "Emacs-orgmode"
	<emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org>
To: emacs-orgmode@gnu.org

Konstantin Kliakhandler writes:
> For what it is worth, the current discussion is actually precisely what I
> was aiming at. I agree with your analysis of my Intended goals but
> completely disagree that SHA1 alone is any sort of guarantee.. To be
> precise, I don't just think that it doesn't provide much, but rather that
> alone it provides none at all. This is because I have no idea who produced
> a given SHA1 - whether it was Bastien, or a MITM attacker, or just someone
> who compromised the server.

Getting the same data via https doesn't give you that sort of guarantee
either, it only ensures that the data cannot be read and altered in
transport.  If the server or repo gets compromised, then it is game over
until someone notices that the server suddenly doesn't match up the
local clone.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs