[Discuss] Good and Bad Crypto
john saylor
js0000 at gmail.com
Tue Apr 22 14:59:50 EDT 2014
On 4/22/14, 14:37 , Edward Ned Harvey (blu) wrote:
> You're saying, that the only way anybody in the world can trust anything, is to literally download everything from source, *read* all the source, and compile it themselves.
instead of just calling "bs" can you suggest some other means by which
you can trust crypto software?
if you're not doing this work [source examination and local compile]
then what are you basing your trust upon?
someone else's word? someone else's audit report? what other means are
available to you?
people are very clever and often do not tell the truth. do you have
children?
also, if a bunch of people [say in the context of a corporation] is the
one offering the audit ... well, the record of corporations acting out
of any motivation outside of next quarter's numbers is pretty bad ...
[simple example: GM ignition recall]
i just don't see how you can say you trust some software that you
haven't examined. or maybe i just have an inaccurate sense of the nature
of human beings ...
maybe there's a mitigated risk here that is unspoken [so far].
--
\js [http://or8.net/~johns/] : i am alive
More information about the Discuss
mailing list