Auto-update (was: Re: SSl challenge - it was fun!)

Mark mark at lochard.com.au
Mon Aug 28 05:02:35 PDT 1995


>...[asking for an auto-update]...
>> I would be extremely wary of this as accepting code written by someone else
>>to automatically run on your machine is bad.
>...
>
>Why?
>
>I wouldn't say "bad".
>
>I'd say "you need to know what you are doing".
>
>...
>> If they do
>> not have the expertise, they will hear of it soon enough when others scan the
>> offered code.
>...
>
>Perhaps there should be a mechanism whereby code offered would be
>signed by various parties. When sufficient signatures have collected,
>auto-update can proceed.
>
>
>Yes, no, maybe?

No. Bypassing anecdotes about personal experiences with some .au cpunks, why
should I trust *anyone* to certify that code is auto runnable on my machine?
In secure or commercial networks, the onus is on making sure holes are not
opened up in the defences.

To me, having all these crypto links, digital envelopes, crypto filesystems,
etc. all mean zero if you start offering to run code blindly from anyone.

Next.

Mark
mark at lochard.com.au
The above opinions are rumoured to be mine.




