Even if they manage to distribute the keys in a manner that generates trust, without appropriate transparency, how do I know that the vendors are protecting their private key data?
Not to mention the build system.
It's only a matter of time before a rogue operating system is released using the misappropriated key data of an unfortunate OEM vendor. I hear that there are still some nation states with enough cash to fund this sort of subversive activity.
P.S. BOFH, I received an error while logging in using Google Appspot OpenID.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Date: 2012-01-23 05:36 am (UTC)