[p2p-hackers] OmilyX: Secure VoIP
Alex Pankratov
ap at hamachi.cc
Thu Feb 23 23:52:17 UTC 2006
coderman wrote:
> On 2/23/06, Alex Pankratov <ap at hamachi.cc> wrote:
>
>>...
>>Sources are not needed. Security spec is.
>
>
> i have a hard time accepting code quality, adherence to spec, and
> implementation correctness on faith when dealing with "secure
> software" provided by strangers in binary form only.
>
> do you see the problem here?
I see the problem in assuming that their binary distro will
be assembled from the same sources they release to the public.
If they are out to get users, they are perfectly able to do
it with their full source open.
I would however feel more confident in their binaries if I can
verify that they adhere to the protocol spec.
See my point ?
More information about the P2p-hackers
mailing list