[rc5] Re: Availability of Bovine source code

Chris Arguin Chris.Arguin at unh.edu
Sun Nov 9 23:24:23 EST 1997


On Sun, 9 Nov 1997, Thom Davis wrote:

> On Sun, 9 Nov 1997 21:27:35 -0500 (EST), Jason Boyles wrote:
> 
> >	The only reason I'm not participating in Bovine is because the
> >source is not freely available. No one is privy to my spare cycles
> >unless they're honest enough to show me their source code.
> 
>  But then that leaves the Bovine code open to hacking and such things. If they are willing to 
> gaurantee that it does not conflict with what I would ask, then that should be good enough.

Yes and No. I think that with the new version, the distributed.net
definition will be of a protocol. Since multiple, independent projects
are supported, it will become a matter of each group to decide if they
want to distribute source.

Of course, that does leave the option for some dishonest user to find a
way to cheat (for example, with the rc5 project to just return
immediately saying it tested all blocks). There is little benefit to this
sort of activity, but that has never stopped anyone before.

>  Do you run ANY commercial software that has OPEN SOURCE code? No! but if you ask them 
> a particular question they will answer it.

Well... A lot of us are Linux users. Many (most?) Linux machines run 100%
free software (ok... maybe 99.9%, with Netscape).  But that is a bit
unusual, and maybe makes us see things differently.  

Besides, the reason why the source isn't available with commercial
software is because they want to sell it, and make more products based on
the technologies, while keeping a competitive edge. That is not the case
with Bovine.

The difference with commercial software is that I get a lot of guarantees
that if something is wrong with the software, it won't be hard to track
down the company. With ftp transfers, that's a much harder thing to
guarantee. So if a commercial products breaks my security, I know who to
sue.

Personally, I would certainly like to see the source freely available, but
I understand why they don't. But one of the lessons I think that Linux
teaches is this: If you have a security flaw, keeping the source code
secret so that no one finds out about it won't work. Making the source
available allows everybody to analyze it for flaws, and makes for a more
secure product.

--
Chris Arguin                 | "...All we had were Zeros and Ones -- And 
Chris.Arguin at unh.edu         |  sometimes we didn't even have Ones."
                             +--------------+	- Dilbert, by Scott Adams
http://leonardo.sr.unh.edu/arguin/home.html |


----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list