[p2p-hackers] amicima MFP and crypto upgrades

[Matthew Kaufman]

coderman:
>
> very true.  i suppose if you are this concerned about key 
> secrecy you'd also want to ensure other side channels / 
> application security is as well protected.

Exactly so. Remembering, of course, that the attacker is always looking for
the path of least resistance. Encrypt everything on the disk with a strong
passphrase? Better make sure there's no keylogger installed, Encrypting your
VOIP chat? Better make sure there's no bug glued to the bottom of your desk.
Etc.
 
> are patches for MF* accepted in general?  is copyright 
> assignment required?

The code is under GPL. Self-published patches that modify the code are of
course just fine, and that keeps complete control of the patch in your hands
as long as any distribution of the patched code you do complies with the
GPL.

If you want patches rolled back into our distributed code, copyright
assignment is required since we not only need to try to keep compatibility
with them (and so we might "patch a patch", and don't want our
GPL-publication-right of that getting confusing), but we have commercial
licensees who we need to grant rights to. Exceptions might be made in
exceptional circumstances where a GPL/non-GPL fork really makes sense.

We're also open to suggestions for changes... Just ask, and we might write
it into the next release for you :)

One thing I know will be in the next release as a response to a request, for
instance, is a change to the 'extern "C"' handling in the headers, to make
life easier for C++ programmers, particularly on win32 where there's C vs
C++ system include file issues.

Matthew Kaufman
matthew at matthew.at
http://www.amicima.com