Re: secrets and lies

2000-11-14 Thread Bennett Todd
2000-11-14-16:37:06 Lipscomb, Al: > Open Source is often used to describe software that has its source > code available regardless of the license involved. Could be, people use words as they wish. But if you'll take a visit to http://www.opensource.org/>, you'll find that the term was very specif

Re: secrets and lies

2000-11-14 Thread Bennett Todd
2000-11-14-16:24:36 Adam McKenna: > Bruce Scheiner is a god, [...] It's possible you're being sarcastic, but there are those who would very nearly agree with you. While he may not actually be a god, he is certainly the single most important contributor to getting really top notch crypto out of re

Re: secrets and lies

2000-11-14 Thread Bennett Todd
2000-11-14-15:11:55 Adam McKenna: > But you have to realize that this is the same argument put forward > by many people pushing closed source solutions over open source > ones (that it has been analyzed by "experts"), and invariably many > security holes are found anyway. Again, it helps to under

Re: secrets and lies

2000-11-14 Thread Bennett Todd
2000-11-14-15:11:43 Paul Jarc: > Only the "select few" will be able to audit it well, regardless of > the license, and they can afford to charge a hefty fee, regardless > of the license. They certainly can. They do not always choose to do so, however. If enough people really wanted to get a deter

Re: secrets and lies

2000-11-14 Thread Bennett Todd
2000-11-14-15:07:28 [EMAIL PROTECTED]: > [Bruce Schneier is] the author of perhaps the most popular book on > computer security that's available to the public. Which book are you referring to? "Secrets and Lies"? While it's a powerful contribution in the way of standing back and re-examining the

Re: secrets and lies

2000-11-14 Thread Bennett Todd
2000-11-14-15:01:07 Charles Cazabon: > However, as far as qmail goes: all the crackers in the world have > had access to the qmail source code and design documentation for > years, and none have yet found an exploitable security hole. You > could consider that a fairly thorough audit-by-fire. And

Re: secrets and lies

2000-11-14 Thread Bennett Todd
> > >So has any expert ever audited qmail or djbdns? > > > > No. Any audit worth doing would be prohibitively expensive for a > > freeware project. $1000 wouldn't even begin to cover it, at > > least for qmail. Whoa, sure, it'd cost a load if you paid someone to do it, but open source has other

Re: Arguments in favor of djbdns?

2000-08-01 Thread Bennett Todd
2000-08-01-10:50:58 Ben Beuchler: > Sometime in the near future we will be a djbdns shop. It will > take some arm twisting of the other admins, but it will happen. That's good. You'll be glad. I'll tell you how I made the transition, not that this is the only way or anything, but it worked real