* Adam Kennedy <[EMAIL PROTECTED]> [2006-07-19 18:40]: > My biggest criticism of every attempt I've seen at adding more > security is that it reduces utility. And since we've NEVER > (yet) had a security violation that I'm aware of, the net > result is we just sacrifice utility for potential security > gain.
That line of reasoning really troubles me: it implies that it’s not worthwhile to protect against a plausible danger before real damage has happened. In fact, if the measures are implemented well, then the security gain from them will always remain “potential”. I’ll assume you didn’t actually mean it the way it came out; that you were actually complaining about the tools. I agree that Module::Signature falls far short of doing an adequate job; no argument from me about that. But I think so not because it decreases utility but because it doesn’t actually increase security. When it decreases utility, it’s just because it fails to work, not because in exchange for security. If I could trade some utility for an actual increase in security, I would. Regards, -- Aristotle Pagaltzis // <http://plasmasturm.org/>
