On 17 May 2013 11:39, <[email protected]> wrote:
>
>
>> I do wonder, can we reasonably expect that integrity of open
>> source software today? I'm not blaming anyone, let me explain:
>> The threat of forking or noticing any wrongdoing was probably
>> enough in previous years. But these days, software is much
>> bigger, back doors are much subtler, and worst of all - There is
>> a lot of money to be made if you know of a back door. So the
>> temptation of putting one in has grown.
>>
>> Has the community's ability to review code for such issues grown
>> proportionally? I use more code in a day than I can reasonably
>> review in a lifetime. (Not that I'm any example, but I think
>> the point is clear.) I can't even pay for someone else to review
>> it, since if they do find a bug, they can sell it for much more
>> than what I can give them.
>
>
> Trust but verify is dead.

Maybe for s/w, but not everything:

http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf
