浏览代码

Trust but verify

Bob Mottram 11 年前
父节点
当前提交
7e57ec3226
共有 1 个文件被更改,包括 6 次插入0 次删除
  1. 6
    0
      beaglebone.txt

+ 6
- 0
beaglebone.txt 查看文件

@@ -52,6 +52,12 @@ FreedomBone should be far more secure than using popular cloud-based services wh
52 52
 Hardly at all.  The BeagleBone Black consumes very little power - less than 5W.  It would even be potentially possible to run it from a solar panel.
53 53
 ** Can I use a Raspberry Pi instead?
54 54
 These instructions are not highly specific to the Beaglebone Black and so will likely also work on other single board computers (SBCs) such as the Raspberry Pi.  The original Raspberry Pi only had 256MB of RAM and so the performance of some services may be more limited.  The Beaglebone Black was chosen mainly because of its low cost, relatively good CPU performance for the price (by the standards of 2013) and also low electricity consumption.
55
+** Why should I trust the packages or source code downloaded from this site?
56
+If you're particularly security conscious then you shouldn't.  Binary or source packages have only been included here for convenience and to avoid confusion.  "/Go and find a Debian installation for the BeagleBone Black somewhere on the web/" is too vague an instruction for my liking, and I've attempted to keep things as concise and unambiguous as possible - particularly with an average or new Linux user in mind.
57
+
58
+However, for maximum security for those software systems which are not already packaged within the Debian repositories then seek out the original sources and verify the hashes independently.
59
+
60
+It's worth adopting an attitude of "/trust but verify/".  Don't let fear of mass surveillance and [[https://www.techdirt.com/articles/20140207/08354426130/gchq-has-entire-program-dirty-tricks-including-honeypots-using-journalists-deleting-online-accounts.shtml]["dirty tricks"]] paralyse you into trusting nothing and consequently doing nothing.  Doing nothing means they win.
55 61
 * Inventory
56 62
 
57 63
 #+BEGIN_VERSE