Another interesting effect: Atlassian is headquartered in Sydney, and BitBucket (the main competitor of GitHub, which was recently acquired by Microsoft) is an Atlassian product. For anyone using BitBucket, it becomes even more important to cryptographically sign commits to prevent them from being tampered with. And we should probably think of new methods to ensure that the first download of the sources is not vulnerable to tampering.
Giacomo
On Sun, 9 Dec 2018 at 13:38, Giacomo <giacomo@tesio.it> wrote:
On December 7, 2018 12:10:01 PM UTC, Alberto Cammozzo <ac+nexa@zeromx.net> wrote:
<https://arstechnica.com/tech-policy/2018/12/australia-passes-new-law-to-thwa...>
On Thursday, the Australian parliament approved a measure that critics say will weaken encryption in favor of law enforcement and the demands of government.
The new law, which has been pushed for since at least 2017, requires that companies provide a way to get at encrypted communications and data via a warrant process. It also imposes fines of up to A$10 million for companies that do not comply and A$50,000 for individuals who do not comply. In short, the law thwarts (or at least tries to thwart) strong encryption.
Companies who receive one of these warrants have the option of either complying with the government or waiting for a court order. However, by default, the orders are secret, so companies would not be able to tell the public that they had received one.
"It's a big deal," Adam Molnar, a lecturer in criminology at Deakin University in Australia, told Ars.
However, the law as currently written seems to contain what some view as a loophole. The statute says that companies cannot be compelled to introduce a "systemic weakness" or a "systemic vulnerability" into their software or hardware to satisfy government demands.
Those terms are not fully defined in the current law but are set to be added in the forthcoming amendments.
Molnar pointed out that the new law not only implicates his home country but also the other four members of the so-called "Five Eyes" of English-speaking nations, which include New Zealand, Canada, the United Kingdom, and the United States.
The US government (particularly the FBI and Department of Justice) has long complained of the "going dark" problem, but it has not managed to get any adequate federal legislation to address the issue since the failed "Clipper Chip" of the 1990s.
Australian authorities are already known to cooperate with American law enforcement, notably as part of the investigations into the "Love Zone" child-porn website.
"The Government is responding to the impediment that the increasing prevalence of encrypted data and communications represents to available investigative and interception capabilities," the Australian parliament wrote in its Bill Digest.
"The Bill contains measures aimed at facilitating lawful access to communications and data through two avenues—decryption of encrypted technologies and access to communications and data at points where they are not encrypted."
[...]
This law could have interesting side effects on free software.
First of all, the ability to inspect the source code and compile it becomes more important.
On the other hand, it will be necessary to pay closer attention to free software led by Australian teams, which could be forced to introduce vulnerabilities.
As for Australian contributions to international free software, it will be necessary to pay closer attention when reviewing patches. Such attention could, however, make Australian contributions more secure than the others.
Giacomo