Andy Isaacson:
> Nope nope nope. You don't get to try to shame free research and sweep
> this issue under the rug by insisting on private email.

this right here. i've found the developer's words on this matter especially disheartening, particularly since he came into this thread through attempting to sell a piece of software with a list based discount. when a member of the very community a developer is advertising to discovers what would be a crippling security flaw in a number of circumstances which could lead to incarceration and torture, you don't call them out for not keeping it private. keeping it private would be unethical, particularly since this security flaw didn't even involve an exploit of the code. it just involved basic cursory research.

> When systems are proprietary, make grandiose claims of dubious validity,
> and do not carry any of the hallmarks of being well engineered, it is
> unlikely that they are worth spending much time on.

and when the developers appear hostile to valid criticism, it's a great way for them to make sure their software will be thoroughly panned by the community with the natural consequence of other users being instructed to avoid their product.

--
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
