[TriLUG] Fwd: Trust issues with RH and Debian package managers

[Christian J Hedemark]

Lisa,

Thanks for forwarding this.  I think the threat is real.  Is it likely?
Maybe not.  But it is possible, and it is within the known intent of the FBI
so it does warrant attention.

Have we grown too dependent on the Internet for up to the second packages?
Have you considered the possibility of subscribing to snail mailed updates
on CD ROM?  Would you feel more comfortable updated your wu-ftpd RPM if it
came on a shiny CD-ROM with Red Hat's logo on it?  It wasn't that long ago
that this was the more common way to recieve system patches.  Maybe there is
some merit to doing things the "old fashioned way" if you are that worried
about the FBI.

I'm worried more about my fellow citizens than I am the FBI.  In the wake of
9/11 too many are ready to cast our civil liberties to the wind in the name
of security, and now our FBI is embracing and extending the tactics of the
KGB and the Stasi.  The Stasi were probably worse than the KGB, and it is a
testimony to their ability to hide their presence that few even know who
they were.  Those guys used to archive everything about everybody in
subterranean bunkers.  If you made it to their watch list, they didn't just
get NEW dirt on you but they requisitioned all the OLD dirt on you that were
already archived.  Technologies like Magic Lantern and Carnivore in the
hands of the Stasi would have been... well... I am shaking too much to
consider that possibility in the U.S.   But we're well on our way to such a
police state, and 9/11 got your next door neighbors to start supporting Big
Brother.

[snip some politically incorrect commentary on what I would like all my
socialist neighbors to do]