1993-08-30 - Re: Source Code NOT available for ViaCrypt PGP

Header Data

From: mgream@acacia.itd.uts.edu.au (Matthew Gream)
To: honey@citi.umich.edu (peter honeyman)
Message Hash: 8b73b9c4f0d3706178f87bc1ce03d8aab64d7b4afe5a17f609a2eb79e7ab77ba
Message ID: <9308300745.AA22452@acacia.itd.uts.EDU.AU>
Reply To: <9308272032.AA17050@toad.com>
UTC Datetime: 1993-08-30 07:46:20 UTC
Raw Date: Mon, 30 Aug 93 00:46:20 PDT

Raw message

From: mgream@acacia.itd.uts.edu.au (Matthew Gream)
Date: Mon, 30 Aug 93 00:46:20 PDT
To: honey@citi.umich.edu (peter honeyman)
Subject: Re: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <9308272032.AA17050@toad.com>
Message-ID: <9308300745.AA22452@acacia.itd.uts.EDU.AU>
MIME-Version: 1.0
Content-Type: text/plain

In a previous life, peter honeyman said ...

| i disagree.  who will guarantee that viacrypt ships binaries based on
| the validated code?

Have your appropriately trusted person watch the code compiled in
front of him, and take a signature of the completed binary. Although,
this becomes somewhat of a nightmare, as 'Mr Trusted' will need to 
oversee all 'release' compilations, and spend time beforehand going
over code to verify everything. This signature could be signed by
'Mr Trusted' and included with the distribution, including s/ware
to allow the 'pleb' user ensure they match.

Matthew Gream,, M.Gream@uts.edu.au -- Consent Technologies, 02-821-2043.