> From: Dan Kaminsky <[email protected]>
> I agree with the assertion that the bugs described
> thus far are *precisely* like security vulnerabilities
My comment wasn't about the code, but the people viewing it.
One side wants to twist the revealed e-mail/code to make it look as bad as
possible. They will take every e-mail out of context, and exaggerate every
possible coding error.
The other side does precisely the opposite, trying to convince everyone that
there's nothing to see here.
The core debate isn't about "implementation errors", but "design errors".
Specifically, it's about whether the code is designed to adjust the raw data to
exaggerate recent warming. More specifically, it's about the inability of
anybody to double-check it, since these "scientists" do not release their code.
We are supposed to believe the priests who say Earth is at the center of the
universe, but we are not allowed to see either their data or method they used
to arrive at that conclusion.
This isn't the production code, although it's related. CRU has promised to
release both the code and the raw data. At that point, us coders can start the
process of replicating the results, and looking for statistically significant
errors.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
