Is there such a thing as a Multisig APT Repository?
So multiple signatures would be needed to release updates should, for example, @Patrick be detained and forced to sign malicious scripts? (And who would be brave enough to hold a key?)
Yes, that is the main problem these “canaries in the coal mine” have. They are a great thing in theory; however, countries like the US have laws in place which allow them to both force someone to “work” with them and keep that “warrant” up.
Luckily, Patrick doesn’t live in the US but in Germany where, at the moment, there is no legislation in place which could make something like forcing someone who works on a “lawful project” (like Whonix) possible.
Well, if they forced Tor and Debian to put backdoors inside them = no more Whonix, Tails, Hidden services…
and by this we conclude that IS really put America to sh*t on their pants, and the idiot America (idiots leading it) are destroying their own liberty/freedom in order to defend IS (especially lone-wolves).
Tor and Debian get much more scrutiny and auditing than Whonix so I’m less worried about those. If there was a malicious Whonix update, who would know?
What makes America great are its Founding Principles and its Constitution that gives it the potential to be great. Realizing that potential requires a moral and educated populace. Americans tend to be law-abiding and caring people but education has been going downhill for decades and sometimes, ignorance trumps even morality.
EDIT: I’ll just add that it’s not surprising for the rest of the world to be frustrated and unnerved given the potential for the abuse of military and economic power.
Alice has a GPG secret key on a USB keyring. If she loses that keyring, she will have to revoke the key. This sucks because she goes to conferences lots and is scared that she will, eventually, lose the key somewhere. So, if, instead, she needed both her laptop and the USB keyring in order to have her secret key, losing one or the other does not compromise her GPG key. Now, if she splits the key into a 3-of-5 share, puts one share on her desktop, one on the laptop, one on her server at home, and two on the keyring, then the keyring-plus-any-machine will yield the secret GPG key, but if she loses the keyring, she can reconstruct the GPG key (and thus make a new share, rendering the shares on the lost USB keyring worthless) with her three machines at home.