[liberationtech] issilentcircleopensourceyet.com
André Rebentisch
tabesin at gmail.com
Tue Nov 6 16:26:28 PST 2012
Am 06.11.2012 20:13, schrieb Nadim Kobeissi:
> Greg,
> I don't intend to be anonymous. Why would I? I intend for Silent
> Circle to open their source code for review, because as it stands they
> are being dangerous to the methodology of security software development.
For the open source call (just saying):
- mere "disclosure of the source code" is different from "open source".
- source review is unreliable (reviewed != safe)
- disclosure of source code does not protect from tainted binaries or
other remaining attack vectors (e.g. download trail).
Agreed, source review tends to substantially improve the "blackness" of
grey.
Best,
André
More information about the liberationtech
mailing list