-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rodrigo Baroni <rodrigobaroni@xxxxxxxxx> wrote:

> > > > this. in general, relying on packages made by others when it comes to
> > > > security stuff isn't very smart.
>
> Do you know the Debian policy about package maintainers? I don't
> think so.

I hope you didn't bet any money on that :-)

in my opinion using a package system for security stuff decreases
security. i think it best to build the stuff directly from official
sources (note: i did not write latest official sources) - simply for
the reason that one doesn't have to rely on additionally trusting
others to some extent, even in times of gnupg and such. it's just an
unnecessary step (to save time), and it does not increase security -
so why take it in the first place?

your opinion obviously differs; you like the idea of having a neat
package ready for use, tested by others, its integrity assured by
others. that's all fine with me, and i know lots of ppl think that
way - or there wouldn't be such fame of package systems at all. but
please keep in mind there are folks who prefer to do things the perl
way ;) and i'm just one of them. if you look around there's plenty of
different ways of running unix systems out there, all for a reason.
best example with good docs would be LFS. that's not only something
for ppl with too much time on their hands, one can build a pretty damn
tight and secure system that way.

anyway, and more to the point of this thread's origin: if the latest
official sources had been used, and the examples in loop-aes.readme
followed by the letter, there wouldn't have been a problem. now that's
IF IF IF talking, but still, lots of ppl waste time over this. what if
it just seems to work one day...

- -- 
Bastard Administrator in $hell

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCHNufLMyTO8Kj/uQRAqclAJ92eyrwUZ7sh70zk+8x1kAYqXHrgwCeM2X4
U4TA9NrJezatgYxGVHFQFxo=
=cfjO
-----END PGP SIGNATURE-----

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/