> Actually, even if you don't release your source someone can easily re- > distribute a look alike program with trojan's included. Just write a new > program and mimic the user interfaces. Once the trojan is installed, bomb > out with an error message. The unfortunate people who ran it will not know > any better other than thinking TGP is a buggy program and not worth the > bother of trying it again. How can I know that you are not releasing a program > with a trojan buried within it somewhere? (Im not suggesting that you > actually are.. just pointing out that the program you released is actually > quite > indistinguishable from the theoretical trojan one that you were talking > about). You are trying to implement 'security by obscurity' by not releasing > source. That is never a really good way to secure something nor is it a good > way to prove to people that an implementation is secure. A secure > encryption program is more that just not including a trojan - it is a correct > implementation that does not expose the original data. Your argument is > quite flawed.
Well, it's not an "argument" but rather a statement of my concerns. It's how I "feel," so I don't see how you can consider that to be "flawed." However, if that is indeed "flawed," then I take it that you point us to an extranet site where we can download the source code for Canon's CISRA research so that we can insure the implementation of your rendering engines, document cleanup, and video surveillance is correct? :) t
