On 05/22/2018 05:26 AM, speck for Greg KH wrote:
> On Tue, May 22, 2018 at 10:00:35AM +0200, speck for Peter Zijlstra wrote:
>> On Mon, May 21, 2018 at 04:30:27PM -0400, speck for Jon Masters wrote:
>>> Let's skip the FUD tho. It's not a "website". It's an open source
>>> end-to-end encrypted chat application.
>>
>> But it is not packaged by any distro afaik, so you basically have to
>> trust their webshite to fetch a binary, which is pretty dodgy if you ask
>> me.
> 
> You mean you don't trust the "run a random binary from the internet as
> root?" instructions they provide you:
> 	https://keybase.io/docs/the_app/install_linux

Conversely, encrypted GPG email is so secure. Just last week, I recall
reading about how great it is that there are totally no problems.

Do I like the "run this binary" instructions? No. But you can also
download the source from github and build it. Which of course is totally
secure because we're all going to audit every line of the source before
we build it, just like people who rebuild Android because that's way
more secure than trusting the images they download. Just like how we all
audited our email and GPG implementations, as well as IRC clients, and
all of the other software we're running, completely.

So anyway, the above aside, I get it. The companies involved were
willing to use Keybase (which they suggested), so it was better than the
alternative of having no communications channel. There's a lot we can
learn collectively as an industry :)

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop