GnuPG Stories: Daniel Kahn Gillmor from Debian & the ACLU

Описание: Consider donating to GnuPG so that we can continue to secure Debian's software updates (as well as Red Hat, SUSE, Ubuntu, and many other free software distributions). https://gnupg.org/donate

In this interview, Daniel Kahn Gillmor, a technologist at the ACLU and a Debian developer, talks about his responsibilities within Debian (he takes care of GnuPG and many related packages), how GnuPG is used in Debian (all developers are required to have an OpenPGP key), what Debian uses OpenPGP keys for ("not so much for the secrecy that OpenPGP often provides, but we use it for authentication," for example, to check uploaded packages, to call for a vote, to actually vote, to sign all software updates, etc.), why this is important ("forging mail is easy;" if you're not cryptographically verifying things, you've opened yourself up to an attack), how effective this is ("The big scary boogie man, of course, is nation-state actors. I don't know how well we can actually effectively defend against the really dedicated, advanced persistent threat like that, but they certainly would need to do a lot more work if we weren't using GPG to defend it; "[For instance] we've seen software that's been compromised by attacks on the infrastructure. And, we catch those attacks, because they're missing cryptographic signatures."), and who relies on GnuPG in practice (everyone, "because [GnuPG] is part of this critical part of the infrastructure.").

Debian: https://www.debian.org
ACLU: https://www.aclu.org

Credits:

Author & Camera: Neal H. Walfield
Editor & Graphics: Raphael Schauff