BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Shellshock
- Subject: [Discuss] Shellshock
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Wed, 01 Oct 2014 13:22:42 -0400
- In-reply-to: <CAAbKA3V6ChuM_1-s9rJp831sGYTox=GhWcrC6HuMjk5r6EnLkw@mail.gmail.com>
- References: <542B5DFA.2080108@gmail.com> <542B5F49.3050500@gmail.com> <CAAbKA3U4r-rxkAW33HPfv6FJE36rqDJx6qESbrS4r7G_VBN1Mw@mail.gmail.com> <542C1899.2000402@gmail.com> <CAAbKA3V6ChuM_1-s9rJp831sGYTox=GhWcrC6HuMjk5r6EnLkw@mail.gmail.com>
On 10/1/2014 12:34 PM, Bill Ricker wrote: > Yes indeed. Unskeptical eyes are useless for security review no matter > how multiplied. As an aside, this is why I trust self-encrypting disk firmware. Rather, it's better to say that I don't trust it any more or less than I trust software like TrueCrypt and Bitlocker that I don't understand either. > Open source doesn't guarantee unskeptical eyes early/often, but it's > possible, unlike commercial closed source where it's forbidden (except > when actively required by Military contract). That's not true. Having skeptical eyes is not forbidden. Whether or not those eyes can do anything about what they see is a different issue, one that can usually be traced back to whoever holds the purse. But then, money or lack thereof is one of the things that ails many high profile open source projects, too. -- Rich P.
- References:
- [Discuss] Shellshock
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Shellshock
- From: bill.n1vux at gmail.com (Bill Ricker)
- [Discuss] Shellshock
- Prev by Date: [Discuss] Shellshock
- Next by Date: [Discuss] Server/laptop full-disk encryption
- Previous by thread: [Discuss] Shellshock
- Next by thread: [Discuss] Shellshock
- Index(es):