09/19/2017 (Tue) 06:47:16
I've been off of the ball for a while though. For instance I noticed recently that xtrac-ytpl.sh has stopped working. I'll look at this next weekend, but I've got homework up the wazoo.
I strongly believe that binary package based distributions are not the way to go for security. You're trusting the packager or the packaging team not to insert their own backdoor or malware, and you have no way to check if that has happened. Everything running on a secure computer has to have been compiled from source that is resident on your computer. That way if you suspect that something is wrong, you can at least check. I don't have the time or the expertise to do this but there are enough computer security experts out there that will, and will hopefully raise a red flag in a blog post, or in an article, or publicize it in a bug tracker. Right now, by using parabola (debian, ubuntu,mint,fedora,etc) , I'm trusting the packager that they don't work for an Intelligence agency of some small European country, or for a hacking team operating out of Russia. If they get caught (unlikely) they can just change their fake name and move on to the next distribution of linux (if they're not already doing it to the packages there as well).
I generally fell off of the wagon when I realized that my computer hardware and operating system were a major point of unreliability, and the probable source of my leak and privacy issues.
Binary package based distributions are a good place to start for someone learning to use GNU/Linux, but they're not the place to be for secure / private systems. Those are just my opinions, I'm not an expert in computer security, but by talking about it we'll get to the bottom of this eventually.