Open Source and information security mailing list archives
 
From: euan_briggs at btinternet.com (Euan Briggs)
Subject: ranting.. was Re: (no subject) PS 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> None of the above dictates that user freedom is defined by
> disclosure in and all by itself.  It is again, always a personal
> choice (and often dictated by our employers - another story), but
> it is certainly defined that the freedom for the users of software
> are taken away, when they, when we, are required _not_ to disclose.
>
> </rant>
>
> --
> Silvio


I wasn't actually referring to the full-disclosure issue here when I
talked about PHC adding nails to the coffin of internet freedom.
However I completely agree with you in that the form disclosure takes
is a free choice, it's not down to governments to interfere in this.
It's the kind of thing where industry standard ethical guidelines,
agreed by general consensus are more appropriate than legislative
controls, and this is more in the spirit of the internet. I think
rather than having governments formalise the disclosure process
itself, their idea of criminalising the release of functional
ready-to-go ./hack tools is not over the top and could actually
protect against the dangers of that form of disclosure, without
limiting the individual or the business's freedom to disclose in a
way which has maximum benefit for all. Nobody but blackhats disclose
functional "proof of concept" (what a misnomer) code, so nobody but
blackhats have anything to fear from laws which attempt to regulate
such releases. I would be happy to see that happen, as long as it is
done in such a way that it doesn't stifle or outlaw legitimate
research, as the DMCA attempts to do, which is in the interests of
business rather than the interests of security. Personally I think
the language in the DMCA should be changed, as the bits about reverse
engineering etc look like they can be applied in ways that exceed the
intended scope of the legislation.

Euan

PHC analogy number 398434:   "PHC is like the mouse saying to the
vermin hunting cat 'hey, you shouldn't eat mice, and besides, I can't
be bothered running away from you'"

 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPeOCx0P0lBKBG8xoEQL9owCfQKNC+BB9DUDRbsc68QABggwkUBYAn27G
kwi9KdmX6b0nTUInPV1r0z35
=79P5
-----END PGP SIGNATURE-----

