On Thu, Jul 10, 2014 at 10:52 PM, Tony Arcieri <basc...@gmail.com> wrote:
> On Thu, Jul 10, 2014 at 4:45 PM, John Young <j...@pipeline.com> wrote:
>>
>> This is the comsec dilemma. If a product or system becomes mainstream
>> it is more likely to be overtly and/or covertly compromised.
>
I don't find this a dilemma - I don't use immature projects because they haven't had time to prove themselves and get stress tested. I like the idea of LibreSSL but won't use it for at least 3 years (if it gains traction).

> Clearly OpenSSL is a great demonstration that many eyes don't make
> bug(door?)s shallow, but if the source is available, it's certainly
> something that can be used to build trust in a system.
>

I don't think that's a good example at all. I think OpenSSL's issue is feature bloat without enough time for code audits.