
[liberationtech] DecryptoCat

Karl Fogel kfogel at
Thu Jul 4 16:08:47 PDT 2013

Jens Christian Hillerup <jens at> writes:
>So what do we do about this? Opening the source code as an argument
>for security no longer suffices. How can we raise money for rigid and
>independent quality assurance of software that in this case is
>designed to potentially save lives? And how can we make sure that
>this money flows into the fund and out to the QAers on a regular

For what it's worth: OpenITP's Peer Review Board [1] is intended to help
with exactly this.  It's under development; Eleanor Saitta on this list
can give a better sense of where things stand at this point, but I
wanted to let you know the effort is under way.

By the way, I don't agree with the original blog post's [2] ad hominem
remarks about Cryptocat's developers.  The most popular programs are
always where people are most excited to find bugs.  It's therefore hard
to compare Cryptocat's development against that of other security
projects, given that many of those projects are not as popular as
Cryptocat -- in other words, it's hard to establish what the baseline is
or should be.  So I wish people would be more circumspect about flinging
around words like "incompetent"; it just sets a bad tone and doesn't
help anything.  Cryptocat's response [3] is exemplary.


