Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Silent Circle to publish source code?

Bernard Tyers - ei8fdb ei8fdb at ei8fdb.org
Thu Oct 11 16:37:55 PDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Is this a case of people (lib tech/security community) trusting people  of "up-to-now good security community reputation" (Phil Zimmerman and Jon Callas) combined with public statements (to the affect of "we will be releasing the source code") combined with briefings with selected groups?

Just curious. It goes back to the discussion about trusting open source software, or trusting people who we believe to have good intentions.

Bernard


PS: To try and keep the mood light: I wonder if the founders are fans of mid-80s German Euro-disco bands?


On 12 Oct 2012, at 00:09, Christopher Soghoian wrote:

> Hi Nadim,
> 
> You didn't directly respond to Ryan's question. Have you actually spoken to anyone at Silent Circle?
> 
> The Silent Circle App isn't available for download to the general public yet. As such, I think the company can be forgiven for not having source code available just yet. Why not wait until the product is actually available for download before you jump the gun and state that the company is "damaging the state of the cryptography community"?
> 
> I've met with the CEO a couple times in person and I've spoken with Phil and Jon. Although I'm by no means ready to bless the product -- not only do I want to see it open sourced, but I also want to see a published, thorough audit by a respected security consulting firm -- I am at least excited to see folks building a business around encrypted communications (where the crypto is the selling point, rather than an unadvertised feature, like Skype).
> 
> Jon and Phil is are not strangers to the security community and their email addresses can be found with about 2 seconds of Googling. If you have questions, why not contact them?
> 
> Chris
> 
> [Full disclosure: They've loaned me an ipod touch with a beta copy of the app so that I can try it out. As soon as the Android version is ready to go, I'll promptly give the iPod back to them. I'm not a Silent Circle investor, consultant, etc]
> 
> 
> On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
> On 10/11/2012 5:51 PM, Ryan Gallagher wrote:
> > To Nadim: I'm interested to know, did you contact anyone at SC before
> > writing your blog post? Seems to me you arrived at your rather scathing
> > conclusion largely on the basis of an assumption. A sort of shoot first,
> > ask questions later approach. It actually says on the SC website that SC
> > will use "Open Source Peer-Reviewed Encryption." It also says,
> > unambiguously, "/We believe in open source/."
> 
> It's almost impossible to develop the software Silent Circle is
> attempting to develop without using at least one open source library -
> this is in fact accentuated in my blog post.
> I sincerely apologize if my post is jumping the gun a bit, but aside
> from reassurances in private press conferences, Silent Circle hasn't
> made any statement that supports their releasing their code as open
> source. In fact, they have been very ambiguous on this issue prior to
> their alleged private statements yesterday and today.
> 
> I will update my blog post the moment they announce that Silent Circle
> will be open source. I don't mean to "shoot first, ask questions later,"
> but rather highlight serious potential dangers.
> 
> 
> >
> > ------------------------------------------------------------------------
> >> From: companys at stanford.edu
> >> Date: Thu, 11 Oct 2012 12:48:03 -0700
> >> To: liberationtech at lists.stanford.edu
> >> Subject: Re: [liberationtech] Silent Circle to publish source code?
> >>
> >> We both received the same messages from Ryan Gallagher and Dan Gillmor:
> >>
> >> @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm
> >> doing + he told me they'll be making everything open source.
> >>
> >> That's why I added the question mark, in case someone on the list knew
> >> anymore (for example, when -- what date? -- do they plan to publish
> >> the code).
> >>
> >> I've contacted @Silent_Circle via Twitter and invited them on to
> >> Liberationtech. If anyone knows how to reach someone on the team
> >> directly, please let me know.
> >>
> >> It'd be nice to send them a personal invitation, so we can talk to the
> >> team directly rather than have a secondhand conversation.
> >>
> >> Best,
> >> Yosem
> >>
> >> On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
> >> > It would have been much nicer to create this thread based on real source
> >> > code, instead of a tweet based on word of mouth. We'll see.
> >> >
> >> > NK
> >> >
> >> > On 10/11/2012 3:27 PM, Yosem Companys wrote:
> >> >> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday
> >> >> that Silent Circle (contrary to what you say in your post) will
> >> >> publish source code.
> >> >> --
> >> >> Unsubscribe, change to digest, or change password at:
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >> >>
> >> > --
> >> > Unsubscribe, change to digest, or change password at:
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >> --
> >> Unsubscribe, change to digest, or change password at:
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> >
> > --
> > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

- --------------------------------------
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJQd1hUAAoJENsz1IO7MIrrsxkIAJd96UqYhaeczfBX9hk6d7fU
mEe8TQBwaMXp1P4vFwL/Va1mo3zECEc3pyq2TVC0c97o2e03urUyLlFNkGxR+1xJ
kiZQUCzcQlYvoIf2GyQcevDvqkozkRn+sr7vTSvyrkSBfgoYbeCASlUUWrtOSu2x
N+WcYXm5fqfzd3nofNYMTuQFj/Mca+3CixtJc8+2G1z+2F5ot6J0SyJLxtZpFhWH
SIoKuYcJKBh2RBHPcXL1JB3cvNaWFYN0u/V99dp8t0wFm8w8/hfLnjh9uYduGlOi
QODXgTNyz+DdgLZ/GfHJCtx57N9KtM0coITCoO48Y/+AuFpXqw+TjgaT/MxSAro=
=kvmS
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list