On Fri, 30 May 2014 15:00:39 -0500, Brandon Perry <[email protected]> wrote:
>2) Do you trust these users to understand the codebase thoroughly enough >and understand cryptography enough to not introduce stupid crypto bugs? >That is a huge caveat. It is - but it¹s also the risk you run with any open source crypto, or kernel, or anything else. Plus anyone, no matter how familiar you are with a codebase, can introduce stupid bugs. I speak from personal experience. :) My guess would be that, after the audit is complete, a lot of people (myself, and those a lot smarter than I am about crypto) will be keeping a close eye on the diffs. Cheers, Greg _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
