Thus spake norm @
> As security people, we should be careful about trusting anything without
> source code anyway..
Assuming you're sufficiently expert in the subject area to make heads
and tails of the code. I'd be fine if they'd allow some appropriate
experts (pick 10 people at random from the Internet Security Cabal
World Tour 1996 party =) ) to review it and comment freely on their
findings. If the source were released, that'd pretty much be the main
Do you ask to see the source for the fly-by-wire on your planes, too?
(the GPL is not a security policy)
#> Mike Shaver (shaver @
com) Ingenia Communications Corporation
#> Chief System Architect and Herder of Bits
#> "Yoda say, `Just slap a little public key crypto into it' does not
#> a secure system make." -- Marcus J. Ranum (mjr @