From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx3-rdu2.redhat.com ([66.187.233.73] helo=mx1.redhat.com) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fLUYV-0005Dw-QB for speck@linutronix.de; Wed, 23 May 2018 16:15:56 +0200 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6C91635C2 for ; Wed, 23 May 2018 14:15:49 +0000 (UTC) Received: from washington.bos.jonmasters.org (ovpn-124-147.rdu2.redhat.com [10.10.124.147]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4A6312022EF1 for ; Wed, 23 May 2018 14:15:49 +0000 (UTC) Subject: [MODERATED] Re: Date/Time? References: <20180519172627.GB1239@kroah.com> <20180521164655.GI17976@kroah.com> <20180521171240.GD14838@char.us.oracle.com> <20180521194255.GA13975@kroah.com> <8157a65a-51ec-b866-936e-ba59bdd43d5f@redhat.com> <20180522080035.GO12198@hirez.programming.kicks-ass.net> <20180522092606.GA2440@kroah.com> From: Jon Masters Message-ID: Date: Wed, 23 May 2018 10:15:48 -0400 MIME-Version: 1.0 In-Reply-To: <20180522092606.GA2440@kroah.com> Content-Type: multipart/mixed; boundary="irenc2AWJ7S8ayBFVegu6jD07iwUqjl85"; protected-headers="v1" To: speck@linutronix.de List-ID: This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156) --irenc2AWJ7S8ayBFVegu6jD07iwUqjl85 Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 05/22/2018 05:26 AM, speck for Greg KH wrote: > On Tue, May 22, 2018 at 10:00:35AM +0200, speck for Peter Zijlstra wrot= e: >> On Mon, May 21, 2018 at 04:30:27PM -0400, speck for Jon Masters wrote:= >>> Let's skip the FUD tho. It's not a "website". It's an open source >>> end-to-end encrypted chat application. >> >> But it is not packaged by any distro afaik, so you basically have to >> trust their webshite to fetch a binary, which is pretty dodgy if you a= sk >> me. >=20 > You mean you don't trust the "run a random binary from the internet as > root?" instructions they provide you: > https://keybase.io/docs/the_app/install_linux Conversely, encrypted GPG email is so secure. Just last week, I recall reading about how great it is that there are totally no problems. Do I like the "run this binary" instructions? No. But you can also download the source from github and build it. Which of course is totally secure because we're all going to audit every line of the source before we build it, just like people who rebuild Android because that's way more secure than trusting the images they download. Just like how we all audited our email and GPG implementations, as well as IRC clients, and all of the other software we're running, completely. So anyway, the above aside, I get it. The companies involved were willing to use Keybase (which they suggested), so it was better than the alternative of having no communications channel. There's a lot we can learn collectively as an industry :) Jon. --=20 Computer Architect | Sent from my Fedora powered laptop --irenc2AWJ7S8ayBFVegu6jD07iwUqjl85--