[rc5] Security, Java, and Source

Ivo Janssen ivo at ricardis.tudelft.nl
Fri Oct 10 19:48:32 EDT 1997


On Fri, 10 Oct 1997, Marc Sissom wrote:

> Besides, the java clients exist, why not release them?
> Even if no one modifies the java client to run a native core,
> there will be some folks that will run it, who would not be
> running a client otherwise.
> 
> Remember, security has officially been denied as the reason
> for concealing the v2 code. What is the reason for not releasing

No, not denied, just not "primary reason".

But I must admit I'm getting more and more into this java-client.
Maybe it's not so bad afterall. The dev team should look into this
once more, especially before v3.. One easy-to-maintain (or two
actually, a gui version and a commandline) codetree for all the stuff
around the core... And even a java-core if no-one ported rc5 to that
platform.

Two disadvantages: code size and easy_to_install.
How many of you of there actually have a java-[interpreter|whatever]
running on your machine? I only have java within Netscape, but not
outside it. Also I'm sure most academic Unix machines won't have one.
Now we have the advantage of a single, very small binary, which I can
install on every computer I walk by.

Still there's a point in not releasing sources. What about myself. I
think I know C, because I read "C for Dummies". So I decide to
optimize my client. Unfortunately, I accidentely remove two
rotate-instructies from the source, but don't notice. Now I get _the_
block from a proxy and return it as not the one.

O my god! That IS already possible with v1!!!!
Hope no-one like me downloaded that source!

Greetings,
Ivo

----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list