BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] NAS: encryption
- Subject: [Discuss] NAS: encryption
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Wed, 8 Jul 2015 14:50:27 -0400
- In-reply-to: <20150708171817.GC20673@dragontoe.org>
- References: <5596D8DA.2000201@gmail.com> <55980A9F.4020007@gmail.com> <BY1PR0401MB1641117906253C39D8075681DC940@BY1PR0401MB1641.namprd04.prod.outlook.com> <sjmd203evpz.fsf@securerf.ihtfp.org> <CAFv2jcba50_Kw9V-p7brmeJ5Fk=9rzeQRLRzBUVRK8uZ71wZNA@mail.gmail.com> <BY1PR0401MB164127DEA53006B9692DC60CDC920@BY1PR0401MB1641.namprd04.prod.outlook.com> <20150707222633.GA20673@dragontoe.org> <559D3066.9080703@gmail.com> <20150708154729.GB20673@dragontoe.org> <559D4AED.1020605@gmail.com> <20150708171817.GC20673@dragontoe.org>
On 7/8/2015 1:18 PM, Derek Martin wrote: > But it does not matter; you asked if I know any such people; you did > not ask me to prove it. Moreover, MY trust depends neither on my > ability nor my willingness to prove my trust TO YOU. My willingness to trust you does. Your claim is that open source is good because "some smart people" who you are unwilling or unable to name say it is. And then you provide one cherry-picked (as far as I can tell) example to specifically name, totally missing the irony of that person's job being identifying where open source security fails. And then you tell me to figure out the rest for myself. The appropriate response in polite conversation would be something like I flip you the bird and walk away. > The notion that open source affords only an illusion of more assurance > than closed source is nonsense. It is still not perfect, as surely > no human endeavor is. The notion is not nonsense. It's reality. It's why Bashdoor went publicly undetected for 25 years. Many eyes looked at it but none of them, not even those of the vaunted unnameables, not even yours, spotted it or twigged to the severity. All of us... well, most of us anyway, myself included, were blinded by the illusion. We believed if there were problems then "some smart people" would have noticed them and fixed them because that's what open source is all about. That didn't happen and we got another critical security flag day for the year. -- Rich P.
- Follow-Ups:
- [Discuss] NAS: encryption
- From: dbarrett at blazemonger.com (Daniel Barrett)
- [Discuss] NAS: encryption
- References:
- [Discuss] NAS: buy vs. build
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] NAS: encryption
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] NAS: encryption
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] NAS: encryption
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] NAS: encryption
- From: abreauj at gmail.com (John Abreau)
- [Discuss] NAS: encryption
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] NAS: encryption
- From: invalid at pizzashack.org (Derek Martin)
- [Discuss] NAS: encryption
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] NAS: encryption
- From: invalid at pizzashack.org (Derek Martin)
- [Discuss] NAS: encryption
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] NAS: encryption
- From: invalid at pizzashack.org (Derek Martin)
- [Discuss] NAS: buy vs. build
- Prev by Date: [Discuss] NAS: encryption
- Next by Date: [Discuss] NAS: encryption
- Previous by thread: [Discuss] NAS: encryption
- Next by thread: [Discuss] NAS: encryption
- Index(es):