From: Mark <mark@lochard.com.au>
Date: Sun, 27 Aug 95 20:04:56 PDT
To: scmayo@rschp1.anu.edu.au (Sherry Mayo)
Subject: Re: SSl challenge - it was fun!
In-Reply-To: <9508280028.AA28532@toad.com>
Message-ID: <199508280134.AA19987@junkers.lochard.com.au>
MIME-Version: 1.0
Content-Type: text


>> One problem with being in Australia was that I was asleep when
>> new software updates were announced and tended to get them later
>> than everyone else, and because of this an auto-update would
>> be particularly useful to me if we do this again.

I would be extremely wary of this as accepting code written by someone else to
automatically run on your machine is bad. I realise the non unix people are
forced to use binaries and have no way of knowing what in hell is in the nice
software, but Unix people have a responsibility to themselves and the others
on their machines/networks to at least check that everything is ok. If they do
not have the expertise, they will hear of it soon enough when others scan the
offered code.

Having source code to these programs is essential, from a security and snub
the TLAs point of view. People need to be educated how to write systems
to use crypto and they need to be able to check no trojans are included.

Mark
mark@lochard.com.au
opinions are rumoured to be mine.