-Original Message-
From: Oleg Goldshmidt [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 8:40 PM
To: Tal, Shachar
Cc: 'Shachar Shemesh'; Guy Teverovsky; Linux-IL mailing list
Subject: Re: Fw: What's wrong with this code?
snipped
The company I work for currently
Tal, Shachar [EMAIL PROTECTED] writes:
I have no idea what you're talking about.
More is the pity. Let me try to explain myself in a couple of simple
sentences. To be a good software engineer, you need to read other
people's code. To develop programs efficiently, you need to show your
code to
Hi Oleg,
-Original Message-
From: Oleg Goldshmidt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 10:28 AM
To: Tal, Shachar
Cc: '[EMAIL PROTECTED]'; 'Shachar Shemesh'; Guy Teverovsky
Subject: Re: Fw: What's wrong with this code?
Tal, Shachar [EMAIL PROTECTED] writes
Tal, Shachar [EMAIL PROTECTED] writes:
If I need access to code which I am not privileged for, I ask for
it, and bang, 15 seconds later I have access to it. No big
fill-forms-in-three-copies-then-chase-disgruntled-IT-people deal.
This seems to me a contradiction to what you wrote earlier. To
-Original Message-
From: Oleg Goldshmidt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 2:01 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Fw: What's wrong with this code?
Tal, Shachar [EMAIL PROTECTED] writes:
If I need access to code which I am not privileged
On Mon, 17 Nov 2003, Gilad Ben-Yossef wrote:
On Monday 17 November 2003 08:41, Tal, Shachar wrote:
It makes it harder, as diffs are examined (by a single person or two
people) before introducing code to the main branch.
It's possible to obfuscate a backdoor, of course, but harder than
On Monday 17 November 2003 08:41, Tal, Shachar wrote:
It makes it harder, as diffs are examined (by a single person or two
people) before introducing code to the main branch.
It's possible to obfuscate a backdoor, of course, but harder than
when no one is watching.
Or to put it shortly:
Bad
-Original Message-
From: Gilad Ben-Yossef [mailto:[EMAIL PROTECTED]
[snip]
Bad closed source company: no one watches the code.
Good closed source company: one or two people watch the code.
Open Source: ~10k of the world's best programmers watch the code.
I think you should rather say:
On Mon, Nov 17, 2003 at 05:21:21PM +0200, Arik Baratz wrote:
Abandoned open source: No one watches the code. Ever. No one knows
where to find it. Only binaries are left, and only on ftp.funet.fi
and only in some obscure folder.
If no sources are left, it's not open source, is it?
Cheers,
-Original Message-
From: Muli Ben-Yehuda [mailto:[EMAIL PROTECTED]
[snip]
Abandoned open source: No one watches the code. Ever. No one knows
where to find it. Only binaries are left, and only on ftp.funet.fi
and only in some obscure folder.
If no sources are left, it's not open
Tal, Shachar [EMAIL PROTECTED] writes:
From: Shachar Shemesh [mailto:[EMAIL PROTECTED]
Let's separate what the app can do, with the way it is being
typically deployed. I am yet to see a deployment of clearcase
where developers were given commit access to certain parts of a
program,
Reminder: to master the art of distinguishing between Reply and Reply to all
Guy
On Thu, 2003-11-13 at 10:46, Gilad Ben-Yossef wrote:
Now, what would have happened if this was a run of the mill closed source
security firm?
Closed source firms rarely use CVS (if ever). Big projects usually
Guy Teverovsky wrote:
On Thu, 2003-11-13 at 10:46, Gilad Ben-Yossef wrote:
Now, what would have happened if this was a run of the mill closed source
security firm?
Closed source firms rarely use CVS (if ever).
Hmm - you must have better info about closed source companies than I do.
-Original Message-
From: Shachar Shemesh [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 7:51 AM
To: Guy Teverovsky
Cc: Linux-IL mailing list
Subject: Re: Fw: What's wrong with this code?
Guy Teverovsky wrote:
On Thu, 2003-11-13 at 10:46, Gilad Ben-Yossef wrote
Tal, Shachar wrote:
While agreeing with most of your post, I can testify to previously working
for a company with a state-of-the-art ClearCase implementation. Each RD
team has its own branch to work on, and only the integration team merged
files from these branches to our /main branch.
Would you
-Original Message-
From: Shachar Shemesh [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 8:38 AM
To: Tal, Shachar
Cc: Guy Teverovsky; Linux-IL mailing list
Subject: Re: Fw: What's wrong with this code?
Tal, Shachar wrote:
While agreeing with most of your post, I
On Thursday 13 November 2003 01:28, Boaz Rymland wrote:
Furthermore, don't get me wrong. I did not conclude my verdict on OSS
security from this simple demonstration of a weak point. Not at all.
Without going into details I think the opposite - I prefer openness over
obscurity, taking in mind
Interesting message I got.
Isn't that a demonstration of the *real* (no FUD) open source model
security break points?
Actually, you just pointed out one of the Open Source security model's greatest
strengths, no weaknesses. How come?
Well, think about what happened here: someone managed to gain
Well, you certainly got a point there. One could claim that such source
compromises are possible with closed source SW too and in such a case,
indeed logical to assume, it is more difficult finding, verifying and
correcting the code AND, closing the security hole through which the
intruder
On Thursday 13 November 2003 12:11, Boaz Rymland wrote:
In short - there is a weak point in the openness model. It is greatly
acknowledged and treated hence achieving a better security model. Don't
be impressed by the publicity it gets - you just don't hear of such cases
in closed source
Interesting message I got.
Isn't that a demonstration of the *real* (no FUD) open source model
security break points?
It seems to me that unfortunately, theoretically, there could be many
exploits of this vulnerability (or am I wrong here?).
Boaz.
*START READING FROM THE END!*
-Original
BR Isn't that a demonstration of the *real* (no FUD) open source model
BR security break points?
Well, that looks like open source _strong_ point. If the same code was
closed, what chance someone - except, of course, for original programmer
and probably his associates - would notice that? If,
Stanislav Malyshev wrote:
BR Isn't that a demonstration of the *real* (no FUD) open source model
BR security break points?
Well, that looks like open source _strong_ point. If the same code was
closed, what chance someone - except, of course, for original programmer
and probably his associates
On Thu, Nov 13, 2003 at 01:28:05AM +0200, Boaz Rymland wrote:
Stanislav Malyshev wrote:
BR Isn't that a demonstration of the *real* (no FUD) open source model
BR security break points?
Well, that looks like open source _strong_ point. If the same code was
closed, what chance someone -