Ometre fins al contingut.
Menú de Sympa

cacert - Re: [CA cert] The case for open source (was Re: Bet)

Assumpte: A better approach to security

Arxiu de la llista

Re: [CA cert] The case for open source (was Re: Bet)


Cronològic Discusió 
  • From: Duane <duane AT cacert.org>
  • To: A better approach to security <cacert AT lists.cacert.org>
  • Subject: Re: [CA cert] The case for open source (was Re: Bet)
  • Date: Mon, 09 Aug 2004 12:16:17 +1000
  • List-archive: <http://lists.cacert.org/mailman/private/cacert>
  • List-id: A better approach to security <cacert.lists.cacert.org>
David Kaufman wrote:

pserver has had security-related bugs found in the code, and those were
quickly fixed, by the cvs developer community.  ssh also has had several
critical bugs fixed recently which were found to potentially allow
hackers to compromise the server.  do you not trust sshd anymore?

Actually I don't trust SSH, I try where possible to completely limit access to it via firewalls, if they can't hit it they can't exploit it.

as Bob mentioned, sourceforge offers free CVS hosting, as does FSF.

As Nathan mentioned both have been compromised...

but cvs is not necessary for an open source project to flourish.  it
helps, but many projects simply post snapshots of the source code as
tarballs on the web.  developers still discuss the work on mailing
lists, and still submit patches just fine.

Which is the only secure solution I can think of so far...

you have said that on several occasions on this list, you as much to us
in person in the meeting i attended in New York, and yet here you are
again, debating against it.  people are resigning from the board over

No the board was dissolved by vote of the membership, I attempted to have others agree to mass resignation but they were of the opinion that getting fired made you less liable then quitting, which as an employee may or may not be true, but as a person on the association board will not make a squat of difference, especially in light of things like the Enron affair.

--

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the confrontation between the stream and the rock, the
stream always wins; not through strength, but through persistence."
--

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the confrontation between the stream and the rock, the
stream always wins; not through strength, but through persistence."


Arxiu generat per MHonArc 2.6.16.

Part superior de la pàgina