SoylentNews is people
SoylentNews
First things first: The Missing Link!
Dmitry Bogatov (maintainer for several Debian packages and a TOR exit node) was arrested in Moscow, accused of endorsing violence and mayhem. The Debian project reacted by - besides giving their moral support - revoking access rights based on his private key as a precaution, in case the key gets compromised.
This discussion has been archived.
No new comments can be posted.
Dmitry Bogatov (Debian Package and TOR Exit Node Maintainer) in Custody
|
Log In/Create an Account
| Top
| 33 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
There is no distinctly native American criminal class except Congress.
-- Mark Twain
(Score: 3, Interesting) by DannyB on Wednesday April 19 2017, @03:02PM (4 children)
Was the arrest because he ran a Tor exit node? Or was it because of some traffic going through that node? Or was it because either Dimitry or some traffic going through his Tor node was offensive to the Russian government or at the risk of being redundant, offensive to Trump?
It was wise of Debian to consider his private keys to be compromised. Now suppose Dimitry is released and not prosecuted. Even if he uses new private keys and communicates with Debian project personnel, can he be considered compromised against his will?
I'll take that further. If you have a project with a code contributor that can be pressured by certain governments and their TLAs, (eg NSA, FBI, etc); then can you trust their contributions? Or maybe all code from any sources should be scrutinized since you can't know for sure who can be pressured to do what.
If your boy is chewing on electrical cords, then ground him until he conducts himself properly.
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 19 2017, @03:07PM
A valid digital signature is merely one more checkbox on the "This looks OK" criteria.
(Score: 5, Interesting) by VLM on Wednesday April 19 2017, @03:12PM (1 child)
can he be considered compromised against his will?
Debian has always been a security theater OS where the devs "need" 4096 bit keys despite source code coming from shar archives on usenet or rando ftp sites (sure most is guithub/gitlab now a days, but ...). Also they let in systemd, for goodness sakes. Default configs don't look like secure secure shell (or didn't recently)
https://stribika.github.io/2015/01/04/secure-secure-shell.html [github.io]
Its hard to decide is spending time in prison would make security theater apply or not.
(Score: 2) by butthurt on Thursday April 20 2017, @08:53AM
> source code coming from shar archives on usenet or rando ftp sites
If it's been read by someone competent in the language, that can mitigate the fact that it changed hands in an insecure way. Not to say that the Debian maintainers necessarily do such auditing.
(Score: 0) by Anonymous Coward on Thursday April 20 2017, @01:40AM
The government may want to punish the one they think is responsible for the post. At the same time they get to punish people for contributing TOR exit nodes that let other evade their claws. Running a server inside the TOR network is more likely to go under the radar for this kind of government apparatus.