From owner-freebsd-security  Wed Apr 14 14:44: 8 1999
Delivered-To: freebsd-security@freebsd.org
Received: from beatrice.rutgers.edu (beatrice.rutgers.edu [165.230.209.226])
	by hub.freebsd.org (Postfix) with ESMTP id A454415824
	for <security@FreeBSD.ORG>; Wed, 14 Apr 1999 14:44:06 -0700 (PDT)
	(envelope-from easmith@beatrice.rutgers.edu)
Received: (from easmith@localhost) by beatrice.rutgers.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) id RAA04182; Wed, 14 Apr 1999 17:41:34 -0400 (EDT)
From: "Allen Smith" <easmith@beatrice.rutgers.edu>
Message-Id: <9904141741.ZM4180@beatrice.rutgers.edu>
Date: Wed, 14 Apr 1999 17:41:34 -0400
In-Reply-To: 0x1c <nick@shibumi.feralmonkey.org>     "Re: ssh protocol [was: Interesting problem: chowning files sent via FTP]" (Apr 12,  8:15pm)
References: <Pine.BSF.4.05.9904131208110.26852-100000@shibumi.feralmonkey.org>
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
To: 0x1c <nick@shibumi.feralmonkey.org>
Subject: Re: ssh protocol [was: Interesting problem: chowning files sent via FTP]
Cc: Brett Glass <brett@lariat.org>,
	"Gregory P. Smith" <greg@nas.nasa.gov>,
	Igor Roshchin <igor@physics.uiuc.edu>, security@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Apr 12,  8:15pm, 0x1c (possibly) wrote:
> On Mon, 12 Apr 1999, Allen Smith wrote:
> 
> > On Apr 12,  4:30pm, Brett Glass (possibly) wrote:
> > > A GPLed implementation would be a bad idea, because it would prevent
> > > the code from being incorporated into commercial products and thus
> > > discourage standardization. This is one situation in which BSD-type
> > > licensing would be infinitely preferable.
> > 
> > Actually, what would be preferable is some form of GNU _library_
> > license. I'm not willing to trust an encryption program unless I
> > know independent cryptographers have reviewed the code.

For that matter, I'm not willing to trust _anything_ on security
unless the code is available... this is one reason we're using FreeBSD 
for a firewall.

> How does the licence (gpl, lgpl, or bsd) have anything to do with
> independent cryptographers reviewing the code? The only crucial
> requirement is that the relevant source be available for analysis.

A gpl or lgpl license mandates the widest possible availability for
review of the code.

	-Allen

-- 
Allen Smith				easmith@beatrice.rutgers.edu
	


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message