Loading ...
Sorry, an error occurred while loading the content.

Re: [jslint] Re: ANN: JSLint Reporter (Node.js wrapper) (UNCLASSIFIED)

Expand Messages
  • Cheney, Edward A SSG RES USAR USARC
    Classification: UNCLASSIFIED ... Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My
    Message 1 of 6 , Feb 3, 2011
    • 0 Attachment
      Classification: UNCLASSIFIED

      > Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.

      Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My antivirus found what it believes were two trojans in a Java download this week from Oracle. At least the download was signed and authentic, because otherwise I might be concerned.

      Austin Cheney, CISSP
      http://prettydiff.com/
      Classification: UNCLASSIFIED
    • Cheney, Edward A SSG RES USAR USARC
      Classification: UNCLASSIFIED ... Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My
      Message 2 of 6 , Feb 3, 2011
      • 0 Attachment
        Classification: UNCLASSIFIED

        > Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.

        Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My antivirus found what it believes were two trojans in a Java download this week from Oracle. At least the download was signed and authentic, because otherwise I might be concerned.

        Austin Cheney, CISSP
        http://prettydiff.com/
        Classification: UNCLASSIFIED
      • Douglas Crockford
        ... No, I am saying that trust is important, and that a signature is not a substitute for trust. It can in some cases stand as a token of trust. But a
        Message 3 of 6 , Feb 3, 2011
        • 0 Attachment
          --- In jslint_com@yahoogroups.com, mathew <meta404@...> wrote:
          > On Thu, Feb 3, 2011 at 12:33, Douglas Crockford <douglas@...>wrote:
          > >
          > > Nor should it be confused with security or safety. A signature does not
          > > turn dangerous code into safe code. The problem here isn't authenticity, it
          > > is misuse of power.
          > >
          >
          > So you're saying we shouldn't trust you not to misuse your power?


          No, I am saying that trust is important, and that a signature is not a substitute for trust. It can in some cases stand as a token of trust. But a signature cannot by itself make a program trustworthy.
        Your message has been successfully submitted and would be delivered to recipients shortly.