[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Ultimately there is no substitute for end-to-end understanding, and attaining this is a practical impossibility for most.
Having the source is not enough if you do not have the means to audit what it is actually doing. When complex maths and algorithms are used, as is the case with cryptography, if you don't understand the maths, you have no means to check whether the crypto is easily broken or not.
That said, having the source is essential to a proper audit, as is the means to reproduce a compiled binary exactly in the case of binary distributions. But the idea that source is enough is a trap we must be wary not to fall into.
John--
On 04/12/2013 13:46, Philip Hudson wrote:
Has everybody seen this already? (Have I posted this already? Sorry if I
have)
http://techrights.org/2013/11/27/source-code-for-trust/
--
Phil Hudson http://hudson-it.no-ip.biz
@UWascalWabbit PGP/GnuPG ID: 0x887DCA63
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq