Re: Don't discredit OVC with falsehoods!

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Fri May 07 2004 - 12:12:30 CDT

I wrote to Bev Harris this morning to compliment her on the points about the certification process flaws she was making and to point out the technical overstatements on the compiler attack. She wrote back a quick thank you to say she would update her message on these points.

The point she was making was of course a good one. And any technically off-key statements were relatively minor and the sort found in most investigative journalism as opposed to, say, a laboriously crafted peer-reviewed scientific paper. There's no tarnish on her or OVC here.

Not that I want to argue this further, but... By the way, she did get the flavor of the Linux "=" incident correct, I believe. It's true the intrusion was on a code branch, but that branch could easily have been checked in to the main code, and thus a developer would have laundered this bug with his or her own signature. It also points out that the place to attack software is not in the fortress of the code tree keeper but in fact on a developer's checked-out copy undergoing development. Her point was that it is hard to spot this subtle deliberate root-hole despite key eyes even knowing it was there. It's classically subtle. Had it been checked in by a trusted developer it could have lasted for ages, I suspect.

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon May 31 23:17:22 2004
