[rc5] Re: Availability of Bovine source code

Seth Dillingham seth at snet.net
Sun Nov 9 23:39:14 EST 1997

Chris Arguin (Chris.Arguin at unh.edu), on 11/9/97 11:24 PM, wrote the 

>Personally, I would certainly like to see the source freely available, but
>I understand why they don't. But one of the lessons I think that Linux
>teaches is this: If you have a security flaw, keeping the source code
>secret so that no one finds out about it won't work. Making the source
>available allows everybody to analyze it for flaws, and makes for a more
>secure product.

You're not just expressing your opinion here, but that of many people on 
this list. In fact, there was a whole thread a couple months back about 
"security through obscurity", but that thread was beaten to death.

I *think* distributed.net recognizes that this method of security is... 
not secure at all. That would explain why they've already announced that 
the (currently vaporous) v3 clients will be source-available.

At the moment, of course, 'security through obscurity' truly does apply 
to the v3 clients. Can't beat what doesn't exist.


                  seth at snet.net
            Public Key available at

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list