Bad, bad, bad...
Posted Dec 16, 2010 4:41 UTC (Thu) by JoeBuck (subscriber, #2330)
In reply to: Bad, bad, bad... by proski
Parent article: OpenBSD IPSEC backdoored?
Thanks for all your contributions to code that I have used over the years. However, I still think you are wrong in this case. If you really want to claim that "don't publish mail without permission" is an ironclad rule, you risk creating perverse situations. If Theo writes back, and the author of the accusation says "no, you can't share this", what is he supposed to do? Do all the security audits all by himself?
Sorry, but "off the record" is something that has to be agreed to by both parties; it can't be imposed by only one. If you make a blockbuster accusation by private mail, you can expect that accusation to be shared, if only to confirm whether it is true or false.
There are many possibilities: the accuser could be making it up, he could be wrong, or maybe there was an effort to insert back doors that wasn't followed through on, or maybe the back door code was inserted but no longer exists because the relevant code has been rewritten, or maybe there still is a back door. But the only way to determine the truth is for developers to investigate, and even if an effort is made to contain such an explosive charge, it's likely to leak.