> An argument, why your policy is based on one irrational human would be nice.
> It may be the case, that people don't want intelligence people on
> software, but as far as it's public, you are not. There is one email of
> a probably crazy human, who maybe claim the opposite, and that's why you
> don't want to contribute. Please clear me up. I think I don't understand.

I’m going to summarize it one last time.

I have lifelong close affiliations with government and law-enforcement. For this reason, it is important that I never touch the codebase of anything that people fear might be a target for subversion by the United States government. The rationality of that fear is irrelevant; the presence of that fear in a large fraction of the userbase is what’s relevant.

The Enigmail and GnuPG developers are aware of this concern and at present *none* of the Enigmail or GnuPG developers have said, “Rob, the contributions you could make to the code outweigh the fear it would cause among the users.” (In fact, if I were to submit a patch, I suspect Patrick would reject it without ever reading it. I very much hope so.)

If you still think this is irrational, then I invite you to continue thinking that; it will not change our decision. I don’t touch code. Period.

Instead of telling me the decisions I should be making (which, let’s be honest, is really “the decisions you want me to make”), why not focus on the decisions *you* can make, and start taking direct steps to make things better? Telling me the decisions I should be making, and the work I should be doing, is … unproductive, to say the least. It’s also extremely rude.

> Just one example for (code) contributing, where I don't have a problem
> with, if an untrusted person does it: Establishing common coding
> standards, (weak) refactoring the code (in the best case, the execution
> path is not touched). It is relatively easy to check, if the commit is
> trustworthy. Agree?

No. If someone is not trusted with the code, they must *never touch the code*. It’s simply too easy to make malicious code paths look completely innocuous. This is, in fact, a hobby of a lot of security developers… myself included.

If I have the skills to make malicious code look so innocuous that it will pass a code audit, and many users would not trust me to touch the code, then I cannot be allowed to make even minor changes to the code.

http://underhanded.xcott.com/

> I wonder why you haven't answered this part of my email:

Because I already answered it. I don’t touch code.

> Depends on your definition of "intelligence business". If you're using
> weak (rather pathetic) definitions of "intelligence business" and
> calling every person, who already used a telephone book a person, who is
> in the intelligence business, it is easy to come to this conclusion.
> Of course this is wrong. Most people, who are using telephone books,
> search engines, or Facebook to stalk other people don't have such
> powerful capabilities as secret services. Don't you think so?

I think that the average person using Facebook has surveillance and information-gathering powers that the Stasi or the Securitate would have wept to possess.

> @At the people who are using this thread to thank Enigmail: Was I really
> that pessimistic and destructive?

Yes.
