Re: [Tails-dev] Tails 0.14 vs. iceweasel 10.0.9esr-1

This message is part of the following thread:
M\the complete thread tree sorted by date
MM\Ague Mill at <-
MMMintrigeri at ->
Delete this message

Reply to this message
Author: adrelanos
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Tails 0.14 vs. iceweasel 10.0.9esr-1
I looked into the install-tbb.sh script.

Ague Mill:
> gpg --keyring /usr/share/keyrings/debian-keyring.gpg --verify
"$TBB_SIGNATURE" "$TBB_ARCHIVE"

I am not sure this is a good idea. There are a lot people in this
keyring. I'd only verify against the current TBB maintainers.

Not saying anyone in the Debian keyring is untrustworthy. Limiting the
the number of trusted people to the actual TBB maintainers dramatically
shrinks the attack surface.

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] [PATCH] Remove the last absolute path in our SYSLINUX configRe: [Tails-dev] Tails 0.14 vs. iceweasel 10.0.9esr-1->
lists.autistici.org administrated by postmasterLurker (version 2.3)