
Re: Source Code NOT available for ViaCrypt PGP



> In a previous life, peter honeyman said ...
> 
> | i disagree.  who will guarantee that viacrypt ships binaries based on
> | the validated code?
> 
> Have your appropriately trusted person watch the code compiled in
> front of him, and take a signature of the completed binary. Although,
> this becomes somewhat of a nightmare, as 'Mr Trusted' will need to 
> oversee all 'release' compilations, and spend time beforehand going
> over code to verify everything. This signature could be signed by
> 'Mr Trusted' and included with the distribution, including s/ware
> to allow the 'pleb' user to ensure they match.
> 
> Matthew.
> -- 
> Matthew Gream,, [email protected] -- Consent Technologies, 02-821-2043.

Why not just arrange for 'Mr Trusted' to receive a copy of the source code
to examine on a secure system? Then when he/she is sure that it's ok,
compile it on the same trusted system and compare with the release binaries.

Happy Hunting, -Chris.
<[email protected]>
PGP public key available upon request
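
The comparison step proposed in the reply above, as an added example that is not part of the original thread: it hashes the binary built on the trusted system and the shipped release binary and, when they differ, reports which byte ranges differ. The function names, file names and sample bytes are constructed for illustration; a byte-for-byte match assumes the vendor's build is deterministic (same compiler, flags and no embedded build date).

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def diff_ranges(path_a, path_b):
    """Byte ranges (start, end-exclusive) that differ; a length mismatch counts as a difference."""
    ranges, start, offset = [], None, 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(CHUNK), fb.read(CHUNK)
            if not a and not b:
                break
            for i in range(max(len(a), len(b))):
                same = i < len(a) and i < len(b) and a[i] == b[i]
                if not same and start is None:
                    start = offset + i
                elif same and start is not None:
                    ranges.append((start, offset + i))
                    start = None
            offset += max(len(a), len(b))
    if start is not None:
        ranges.append((start, offset))
    return ranges

def compare_builds(trusted_build, release_binary):
    d1, d2 = sha256_file(trusted_build), sha256_file(release_binary)
    ranges = [] if d1 == d2 else diff_ranges(trusted_build, release_binary)
    return {"trusted_sha256": d1, "release_sha256": d2, "match": d1 == d2, "ranges": ranges}

def demo():
    # Constructed stand-ins for binaries: identical "code", different embedded build date.
    base = b"MZ" + bytes(range(64)) + b"built 1993-07-01" + b"\x90" * 32
    stamped = base.replace(b"1993-07-01", b"1993-07-09")
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("trusted", "same", "stamped")}
        for name, data in (("trusted", base), ("same", base), ("stamped", stamped)):
            with open(paths[name], "wb") as f:
                f.write(data)
        return (compare_builds(paths["trusted"], paths["same"]),
                compare_builds(paths["trusted"], paths["stamped"]))

if __name__ == "__main__": print(demo())
```

A mismatch confined to a small range such as an embedded date still has to be explained by the reviewer before the release binary is accepted as built from the examined source.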