[PLUG] Windows and Cryptography

Eric Wilhelm scratchcomputing at gmail.com
Tue Feb 13 05:52:59 UTC 2007


# from Dan Young
# on Monday 12 February 2007 07:12 pm:

>> Red Hat has *zero* closed-source components?  I thought they were
>> holding a couple of their "enterprise" components (config and update
>> tools?) under the vest.  Maybe I'm wrong.  Maybe they were at one
>> point and aren't now.
>
>Respectfully, I think you're wrong.

Ok.  It wouldn't be the first time.

>> I could have said "and even debian for that matter."  Even if
>> ...
>> checking the resultant binary?
>
>There's lots of trust conferred even if you are compiling source
>yourself.
>...

Certainly.  My original point was that responsibility for security comes 
down to the user.  I suppose I should have said something about a 
"spectrum of trust" or what-not.  In the m$ and apple case, you're 
placing ultimate trust on the vendor, so you might as well just mail 
them the keys now.

>if m$ is root, so is apple, sun, adobe, nvidia, and red hat^W^Wdebian 
>for that matter.  ...  Otherwise, the only answer to the 
>"are we secure?" question has to be shrugging your shoulders and saying 
>"maybe."

Sure, it's not exactly practical to answer definitively, but it is much 
easier to trust a completely open-source vendor than a completely 
closed-source one.  The irony is that the amount you are required to 
trust them is the inverse of the amount that you should.

--Eric
-- 
Issues of control, repair, improvement, cost, or just plain
understandability all come down strongly in favor of open source
solutions to complex problems of any sort.
--Robert G. Brown
---------------------------------------------------
    http://scratchcomputing.com
---------------------------------------------------



More information about the PLUG mailing list