Loading ...
Sorry, an error occurred while loading the content.

[jslint] Re: ANN: JSLint Reporter (Node.js wrapper) (UNCLASSIFIED)

Expand Messages
  • Douglas Crockford
    ... Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn t authenticity, it is
    Message 1 of 6 , Feb 3, 2011
    • 0 Attachment
      --- In jslint_com@yahoogroups.com, "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@...> wrote:
      >
      > Classification: UNCLASSIFIED
      >
      > > A digital signature does not make things less worse.
      > > It is false security.
      >
      > A digital signature is not false security. It is the preferred means of validating authenticity. A digital signature should not be confused with encryption, hashing, or public keys.


      Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.
    • mathew
      ... So you re saying we shouldn t trust you not to misuse your power? mathew -- [Non-text portions of this message have been
      Message 2 of 6 , Feb 3, 2011
      • 0 Attachment
        On Thu, Feb 3, 2011 at 12:33, Douglas Crockford <douglas@...>wrote:
        >
        > Nor should it be confused with security or safety. A signature does not
        > turn dangerous code into safe code. The problem here isn't authenticity, it
        > is misuse of power.
        >

        So you're saying we shouldn't trust you not to misuse your power?


        mathew
        --
        <URL:http://www.pobox.com/~meta/>


        [Non-text portions of this message have been removed]
      • Cheney, Edward A SSG RES USAR USARC
        Classification: UNCLASSIFIED ... Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My
        Message 3 of 6 , Feb 3, 2011
        • 0 Attachment
          Classification: UNCLASSIFIED

          > Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.

          Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My antivirus found what it believes were two trojans in a Java download this week from Oracle. At least the download was signed and authentic, because otherwise I might be concerned.

          Austin Cheney, CISSP
          http://prettydiff.com/
          Classification: UNCLASSIFIED
        • Cheney, Edward A SSG RES USAR USARC
          Classification: UNCLASSIFIED ... Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My
          Message 4 of 6 , Feb 3, 2011
          • 0 Attachment
            Classification: UNCLASSIFIED

            > Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.

            Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My antivirus found what it believes were two trojans in a Java download this week from Oracle. At least the download was signed and authentic, because otherwise I might be concerned.

            Austin Cheney, CISSP
            http://prettydiff.com/
            Classification: UNCLASSIFIED
          • Douglas Crockford
            ... No, I am saying that trust is important, and that a signature is not a substitute for trust. It can in some cases stand as a token of trust. But a
            Message 5 of 6 , Feb 3, 2011
            • 0 Attachment
              --- In jslint_com@yahoogroups.com, mathew <meta404@...> wrote:
              > On Thu, Feb 3, 2011 at 12:33, Douglas Crockford <douglas@...>wrote:
              > >
              > > Nor should it be confused with security or safety. A signature does not
              > > turn dangerous code into safe code. The problem here isn't authenticity, it
              > > is misuse of power.
              > >
              >
              > So you're saying we shouldn't trust you not to misuse your power?


              No, I am saying that trust is important, and that a signature is not a substitute for trust. It can in some cases stand as a token of trust. But a signature cannot by itself make a program trustworthy.
            Your message has been successfully submitted and would be delivered to recipients shortly.