oss-sec mailing list archives
Re: CVE for Kali Linux
From: Alexander Cherepanov <cherepan () mccme ru>
Date: Sun, 22 Mar 2015 23:41:56 +0300
On 2015-03-22 21:33, Daniel Micay wrote:
HTTPS/HSTS/HPKP is important because it doesn't require that the user goes out of their way to validate the software (few do) and is needed to build the initial trust in the first place. How else do you get the GPG public key in the first place?
By HTTP via several routes. It's easy now -- just use Tor. Download you bootstrapping pieces through clearnet once and via Tor several times switching circuits in-between and compare them.
-- Alexander Cherepanov
Current thread:
- Re: CVE for Kali Linux, (continued)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux Donald Stufft (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Kristian Fiskerstrand (Mar 22)
- Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
- Re: CVE for Kali Linux David A. Wheeler (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Stephen Kitt (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 22)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 22)
- Re: CVE for Kali Linux Russ Allbery (Mar 22)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Russ Allbery (Mar 22)
- Re: CVE for Kali Linux David A. Wheeler (Mar 22)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
- Re: CVE for Kali Linux Marcus Meissner (Mar 23)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
- Re: CVE for Kali Linux Marcus Meissner (Mar 23)