[PLUG] Windows and Cryptography
Eric Wilhelm
scratchcomputing at gmail.com
Tue Feb 13 05:52:59 UTC 2007
# from Dan Young
# on Monday 12 February 2007 07:12 pm:
>> Red Hat has *zero* closed-source components? I thought they were
>> holding a couple of their "enterprise" components (config and update
>> tools?) under the vest. Maybe I'm wrong. Maybe they were at one
>> point and aren't now.
>
>Respectfully, I think you're wrong.
Ok. It wouldn't be the first time.
>> I could have said "and even debian for that matter." Even if
>> ...
>> checking the resultant binary?
>
>There's lots of trust conferred even if you are compiling source
>yourself.
>...
Certainly. My original point was that responsibility for security comes
down to the user. I suppose I should have said something about a
"spectrum of trust" or what-not. In the m$ and apple case, you're
placing ultimate trust on the vendor, so you might as well just mail
them the keys now.
>if m$ is root, so is apple, sun, adobe, nvidia, and red hat^W^Wdebian
>for that matter. ... Otherwise, the only answer to the
>"are we secure?" question has to be shrugging your shoulders and saying
>"maybe."
Sure, it's not exactly practical to answer definitively, but it is much
easier to trust a completely open-source vendor than a completely
closed-source one. The irony is that the amount you are required to
trust them is the inverse of the amount that you should.
--Eric
--
Issues of control, repair, improvement, cost, or just plain
understandability all come down strongly in favor of open source
solutions to complex problems of any sort.
--Robert G. Brown
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
More information about the PLUG
mailing list