On April 24, 2014 at 10:34 AM Richard Pieri <richard.pi...@gmail.com> wrote: > Mike Small wrote: > > heartbeat requirement at all for the TCP case, but it's always a bug to > > take external untrusted data at its word in this way. > > I maintain that this isn't a bug; it's willful stupidity.
The reason a bug happens is not relevant when the bug causes damage. > > Perhaps. There may be an economic argument why Open Source, or some > > parts of it, isn't getting enough attention from enough of the right > > people. I don't know. I only have trouble with the idea that having > > Most of the right people when it comes to crypto are identified by > security agencies very quickly, and then either recruited or constrained > before they pose any threat -- which is to say, before they can > contribute substantially to either open source or proprietary ventures. > Of those who remain, the ones who aren't good enough for the NSA and > similar agencies, most either end up working for big companies like > Microsoft and Google, because these are the only ones that can afford > their salaries, or start their own security-related companies. Phil Zimmerman, who was hounded for years legally and eventually prevailed. peabo _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss