> I do wonder, can we reasonably expect that integrity of open
> source software today? I'm not blaming anyone, let me explain:
> The threat of forking or noticing any wrongdoing was probably
> enough in previous years. But these days, software is much
> bigger, back doors are much subtler, and worst of all - there is
> a lot of money to be made if you know of a back door. So the
> temptation of putting one in has grown.
>
> Has the community's ability to review code for such issues grown
> proportionally? I use more code in a day than I can reasonably
> review in a lifetime. (Not that I'm any example, but I think
> the point is clear.) I can't even pay for someone else to review
> it, since if they do find a bug, they can sell it for much more
> than what I can give them.

Trust but verify is dead.

--dan
