Hi! Aron Nimzovitch wrote: > Only a fool would blindly depend on someone else's software to gain > anonymity without examining the code. If you need anonymity, > then you should easily be willing to invest sweat equity, or > have a contractual arrangement when the threat is only > financial. For more serious threats requiring anonymity, > not reviewing the source when it is available seems beyond > stupid. And surely you would apply your opinion to any kind of cryptography like pgp, ssl, etc. There are millions of users out there who do not have the skills (programming, mathematics) to verify such code. Calling them beyond stupid for that is inappropriate. Blindly relying on software may be foolish, but if you keep an open eye for warnings from those that have the skills and do verify the code of popular software it is ok. And - who guarantees that the code that is published is the same that is used on the servers? So reviewing code only helps if you compile and use it yourself or maybe in situations like remailer chains you rely on the assumption that at least one remailer will use the published code. But JAP IMO is not a chain of independent systems. Bernhard -- Low end Serverhousing ab 25 e inkl. 1x 11 e/GB, etc.: http://bksys.at _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Sun Aug 24 2003 - 06:34:21 PDT