RE: Did IBM Hijack Apache????

["jt" <jt@xxxxxx>]

I agree, Leif.  Where we disagree seems to be on the size of the community,
and who should decide whether IBM releases every last bit-a code to whom.
See below.

| -----Original Message-----
| [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Leif Svalgaard
| Sent: Sunday, April 27, 2003 11:32 PM

| From: jt <jt@xxxxxx>
| > IBM has the common sense not to put security code in the public domain.
|
| nonsense, the only way for the user community to check that the vendor
| has implemented good security is to see exactly what is there. Security
| that relies on obscurity is no security.

| -----Original Message-----
| [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of stephane leon
| Sent: Friday, April 25, 2003 3:52 PM
| Subject: RE: Did IBM Hijack Apache????
|
|
| Maybe it is not the "right number" of eyes but ''many different eyes'',
| without particular interest except doing better and better :-)
|
| In <NEBBJKBIKLEJIKAMEJCGEEMMGMAA.jt@xxxxxx> jt wrote:
| >| -----Original Message-----
| >| [mailto:midrange-l-bounces@xxxxxxxxxxxx]On
| >| Behalf Of Hans Boldt
| >
| >
| >| Note that it's been the experience of the open source community that
| >| nothing can locate and fix problems as effectively as thousands of
| >| outside reviewers. That's especially true in the area of security.
| >| It's long been known that "security by obscurity" does not work.
| >
| > I certainly AGREE Hans, and Leif had said same MANY times...!!  Dunno
| > know that "right-number" of eyes, as it MAY be that security is a joke
| > if the internals are seen by thousands...  How many eyes do it take
| > for the internals to get into the wrong element...?!?
| >
| > Glad I don't hafta make THAT call...!!