Re: Netscape 5 will be GPL'ed

[Adam Shostack <adam@homeport.org>]

Markus Kuhn wrote:

| > NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE
| > AVAILABLE FREE ON THE NET
| 
| Excellent!
| 
| Finally mainstream software companies start to understand that security
| critical software has to be provided to the customer in full compilable
| source code to allow independent security evaluation.

	I'm not sure that this is the message they're sending at all.
They're trying to work the Linux/GNU model of getting a horde of
volunteer programmers to improve their product, and base other
products on it, because of the ease of integration.  I don't know that
security was even on their minds.

| No formal CC/ITSEC evaluation process can beat the scrutiny of the
| Internet crowd.  I wonder how long we have to wait for the day on which

Not that the internet crowd is such hot shit, either.  The freely
usable FWTK contained a *really* easy to find replay attack for about
3 years, befire I pointed it out at the Crypto rump session.
(www.homeport.org/~adam/crypto97.html).  Small code.  Comments
pointing to problems.  Security critical in some instances.  3 Years
to find.

Adam



| we can download the latest GPL'ed Windows NT version source code from
| Microsoft's web server ...



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume