[Discuss] NAS: encryption
Richard Pieri
richard.pieri at gmail.com
Wed Jul 8 14:50:27 EDT 2015

On 7/8/2015 1:18 PM, Derek Martin wrote:
> But it does not matter; you asked if I know any such people; you did
> not ask me to prove it. Moreover, MY trust depends neither on my
> ability nor my willingness to prove my trust TO YOU.

My willingness to trust you does. Your claim is that open source is good
because "some smart people" who you are unwilling or unable to name say
it is. And then you provide one cherry-picked (as far as I can tell)
example to specifically name, totally missing the irony of that person's
job being identifying where open source security fails. And then you
tell me to figure out the rest for myself. The appropriate response in
polite conversation would be something like I flip you the bird and walk
away.

> The notion that open source affords only an illusion of more assurance
> than closed source is nonsense. It is still not perfect, as surely
> no human endeavor is.

The notion is not nonsense. It's reality. It's why Bashdoor went
publicly undetected for 25 years. Many eyes looked at it but none of
them, not even those of the vaunted unnameables, not even yours, spotted
it or twigged to the severity. All of us... well, most of us anyway,
myself included, were blinded by the illusion. We believed if there were
problems then "some smart people" would have noticed them and fixed them
because that's what open source is all about.
That didn't happen and we got another critical security flag day for the
year.
--
Rich P.