[clug] How you know your Free or Open Source Software Project is doomed to FAIL

Michael Cohen scudette at gmail.com
Thu Jul 30 08:31:21 UTC 2015


On 30 July 2015 at 08:38, Carlo Hamalainen <carlo at carlo-hamalainen.net> wrote:
>
>
> On 30 July 2015 4:30:40 pm AEST, James Ring <sjr at jdns.org> wrote:
>>Well, they'd have to poison the DNS and also convince one of the
>>certificate authorities trusted by wget to issue a SSL certificate
>>with Google's name on it to the attacker.
>
> Like this?
>
> https://www.techdirt.com/articles/20130910/10470024468/flying-pig-nsa-is-running-man-middle-attacks-imitating-googles-servers.shtml
>

Of course if they can do this its game over for all software, not only
open source software and not only those that use curl | sh. Therefore
this link is not relevant to the present discussion.

Michael.



More information about the linux mailing list