Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] About "Confide"

Jonathan Wilkes jancsika at yahoo.com
Sat Apr 26 16:33:44 PDT 2014


On 04/26/2014 05:18 PM, Shava Nerad wrote:
>
> Anyone who is lauding the verifiability of open source security 
> software had best show that their code has been regularly and 
> thoroughly audited.
>

I'm not sure what that means, so I'll start a new paragraph for what 
could be a non sequitur...

Someone doesn't have to be an active scientist doing peer reviewed 
research in order to laud the verifiability of the scientific method.  
Similarly, I don't have to be an active security dev working on peer 
reviewed software in order to recognize the obvious benefits of the free 
software approach over proprietary development.

Anyone who wants to ignore those obvious benefits best explain how they 
would verify a fix for the heartbleed bug if the public weren't allowed 
to read the code.  And what if you didn't trust their description of the 
fix?  What if you, as an expert security programmer, suspected that the 
proprietary team wasn't using a sane codebase or doing a good job of 
maintaining it?  How would you leverage your skills to improve that 
proprietary security library?

Compare the time it takes you to respond to the time it took the OpenBSD 
peeps to do a "git clone" command.

-Jonathan




More information about the liberationtech mailing list