On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > > > > >>You might want to check tinc (http://tinc.nl.linux.org) > >> > >> > > > >I strongly recommend *not* to use tinc. > ><http://www.securityfocus.com/archive/1/249142> illustrates that the > >authors didn't have enough expertise to build a secure tool 2 years ago. > >The problems were still present last autumn, see > ><http://www.mit.edu:8008/bloom-picayune/crypto/14238>. What a track record! > > > >With VPN software, IPSec is the only real option if you want to be certain > >it is secure. > > > > > Nice, the first article is based on a alpha version (pre-beta) of tinc, > you didn't include the official answer.
IMHO, the key words in Richard's posting are ``[not] enough expertise'', and ``a track record''. The idea that the [conceptual] flaws will be fixed in The Next Release [TM], although quite common amongst the people, is a mere instance of a proof by wishful thinking. Clueless authors will always produce crappy software, regardless of how long they've been in the business. > This sounds alot like FUD, are you the author of a compeditive product? Occasionally, I author thoughts and speeches that require the audience to use their brain. Does it count? HAND. Jan. -- ``You know those mail clients: MS Outlook, mail(1), or even telnet(1). All of them suck. This one just sucks less.''
pgppSQ3etPmVh.pgp
Description: PGP signature