From owner-freebsd-questions Mon Feb 11 23:47:19 2002 Delivered-To: freebsd-questions@freebsd.org Received: from freebie.atkielski.com (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by hub.freebsd.org (Postfix) with ESMTP id CC26B37B4E4 for ; Mon, 11 Feb 2002 23:46:12 -0800 (PST) Received: from contactdish ([10.0.0.10]) by freebie.atkielski.com (8.11.3/8.11.3) with SMTP id g1C7aPr75767; Tue, 12 Feb 2002 08:36:25 +0100 (CET) (envelope-from anthony@freebie.atkielski.com) Message-ID: <00e901c1b397$fa0faf10$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "Lorin Lund" Cc: "FreeBSD Questions" References: <20020212062318.09D6120FDD@ns1.infowest.com> Subject: Re: Breaking permissions on Windows 2000 (Server Edition) Date: Tue, 12 Feb 2002 08:36:25 +0100 Organization: Anthony's Home Page (development site) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Lorin writes: > I can't personally verify every line of code > because there are so many lines and I am only > one man. In that case, you must trust someone else to do it for you. > But there are many people who have a chance to > see open source code. In other words, you must trust others. > But there are people who donate time to auditing. > These people must be motivated by honorable desire > to have a solid clean product. In other words, you must trust others. > If you cannot comprehend that there are honorable > people who would report trapdoors and security > flaws then I am lead to question whether you > comprehend being honorable for the sake of civility > and doing good. You have not shown any flaw in my logic; your personal attack does not support your assertion. The logic is very sound: Either you verify the code yourself, or you trust someone else to verify the code. There are no other options if you wish to run trustworthy code. It is important to remember this when evaluating the security of information systems. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message