[rc5] Re: Availability of Bovine source code

Seth Dillingham seth at snet.net
Sun Nov 9 23:39:14 EST 1997


Chris Arguin (Chris.Arguin at unh.edu), on 11/9/97 11:24 PM, wrote the 
following:

>Personally, I would certainly like to see the source freely available, but
>I understand why they don't. But one of the lessons I think that Linux
>teaches is this: If you have a security flaw, keeping the source code
>secret so that no one finds out about it won't work. Making the source
>available allows everybody to analyze it for flaws, and makes for a more
>secure product.

You're not just expressing your opinion here, but that of many people on 
this list. In fact, there was a whole thread a couple months back about 
"security through obscurity", but that thread was beaten to death.

I *think* distributed.net recognizes that this method of security is... 
not secure at all. That would explain why they've already announced that 
the (currently vaporous) v3 clients will be source-available.

At the moment, of course, 'security through obscurity' truly does apply 
to the v3 clients. Can't beat what doesn't exist.

Seth


-------------------------------------------------
                  seth at snet.net
    http://macrobyte.simplenet.com/sethspeak/
         http://www.distributed-mac.net/
-------------------------------------------------
            Public Key available at
http://macrobyte.simplenet.com/seth/publickey.txt
-------------------------------------------------

----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list