Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] DecryptoCat

Jens Christian Hillerup jens at
Thu Jul 4 03:18:26 PDT 2013

On Thu, Jul 4, 2013 at 11:36 AM, KheOps <kheops at> wrote:

> Just came accross this:


It seems like the saying "given enough eyeballs, all bugs are shallow" has
become obsolete, huh? Peer review is an integral part to developing secure
cryptography implementations, but unfortunately this fundamentally crashes
with the hacker mantra of "just do it". It's a shame that this project did
not get this kind of attention until after people started relying on
it---that could have saved a lot of people from a lot of shouting in any

So what do we do about this? Opening the source code as an argument for
security no longer suffices. How can we raise money for rigid and
independent quality assurance of software that in this case is designed to
potentially saving lives? And how can we make sure that this money flows
into the fund and out to the QAers on a regular basis?

I don't know, sadly, but I'd love to discuss it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list