Loading ...
Sorry, an error occurred while loading the content.

Re: [jslint] Re: ANN: JSLint Reporter (Node.js wrapper) (UNCLASSIFIED)

Expand Messages
  • Cheney, Edward A SSG RES USAR USARC
    Classification: UNCLASSIFIED ... A digital signature is not false security. It is the preferred means of validating authenticity. A digital signature should
    Message 1 of 6 , Feb 3, 2011
    • 0 Attachment
      Classification: UNCLASSIFIED

      > A digital signature does not make things less worse.
      > It is false security.

      A digital signature is not false security. It is the preferred means of validating authenticity. A digital signature should not be confused with encryption, hashing, or public keys. http://en.wikipedia.org/wiki/Digital_signature

      Austin Cheney, CISSP
      http://prettydiff.com/
      Classification: UNCLASSIFIED
    • Douglas Crockford
      ... Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn t authenticity, it is
      Message 2 of 6 , Feb 3, 2011
      • 0 Attachment
        --- In jslint_com@yahoogroups.com, "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@...> wrote:
        >
        > Classification: UNCLASSIFIED
        >
        > > A digital signature does not make things less worse.
        > > It is false security.
        >
        > A digital signature is not false security. It is the preferred means of validating authenticity. A digital signature should not be confused with encryption, hashing, or public keys.


        Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.
      • mathew
        ... So you re saying we shouldn t trust you not to misuse your power? mathew -- [Non-text portions of this message have been
        Message 3 of 6 , Feb 3, 2011
        • 0 Attachment
          On Thu, Feb 3, 2011 at 12:33, Douglas Crockford <douglas@...>wrote:
          >
          > Nor should it be confused with security or safety. A signature does not
          > turn dangerous code into safe code. The problem here isn't authenticity, it
          > is misuse of power.
          >

          So you're saying we shouldn't trust you not to misuse your power?


          mathew
          --
          <URL:http://www.pobox.com/~meta/>


          [Non-text portions of this message have been removed]
        • Cheney, Edward A SSG RES USAR USARC
          Classification: UNCLASSIFIED ... Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My
          Message 4 of 6 , Feb 3, 2011
          • 0 Attachment
            Classification: UNCLASSIFIED

            > Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.

            Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My antivirus found what it believes were two trojans in a Java download this week from Oracle. At least the download was signed and authentic, because otherwise I might be concerned.

            Austin Cheney, CISSP
            http://prettydiff.com/
            Classification: UNCLASSIFIED
          • Cheney, Edward A SSG RES USAR USARC
            Classification: UNCLASSIFIED ... Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My
            Message 5 of 6 , Feb 3, 2011
            • 0 Attachment
              Classification: UNCLASSIFIED

              > Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.

              Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My antivirus found what it believes were two trojans in a Java download this week from Oracle. At least the download was signed and authentic, because otherwise I might be concerned.

              Austin Cheney, CISSP
              http://prettydiff.com/
              Classification: UNCLASSIFIED
            • Douglas Crockford
              ... No, I am saying that trust is important, and that a signature is not a substitute for trust. It can in some cases stand as a token of trust. But a
              Message 6 of 6 , Feb 3, 2011
              • 0 Attachment
                --- In jslint_com@yahoogroups.com, mathew <meta404@...> wrote:
                > On Thu, Feb 3, 2011 at 12:33, Douglas Crockford <douglas@...>wrote:
                > >
                > > Nor should it be confused with security or safety. A signature does not
                > > turn dangerous code into safe code. The problem here isn't authenticity, it
                > > is misuse of power.
                > >
                >
                > So you're saying we shouldn't trust you not to misuse your power?


                No, I am saying that trust is important, and that a signature is not a substitute for trust. It can in some cases stand as a token of trust. But a signature cannot by itself make a program trustworthy.
              Your message has been successfully submitted and would be delivered to recipients shortly.