NA> Personally, I believe Open Source Software has the "potential" to be more
NA> secure, but there is also value in security through obscurity. :o)
Although there may be corporate value in obscurity, I have a hard time
accepting that at a personal level. Sure, nobody is supposed to know
what the whitehouse.gov and fbi.gov servers are running so that
nobody will know easy attacks against them. However, at the same
time, if *I* am unable to examine an implementation of a cryptography
routine (or anything, for that matter), I may well be suffering from
corporate key-farming (from the previously mentioned link, just a
direct line to what I'm talking about):
http://www.scramdisk.clara.net/pgpfaq.html#SubDSSSubliminal
Anyone remember the big brouhaha when it was discovered that Microsoft
was collecting computer information during the famous "Windows Update"
feature? While I won't say that such a thing would never happen in
OSS, it's unlikely to be a "surprise" when someone sees that it's
happening.
-tom!
--
Hopin' this said *something* useful, [EMAIL PROTECTED] out.
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
