Re: [jslint] Re: ANN: JSLint Reporter (Node.js wrapper) (UNCLASSIFIED)
- Classification: UNCLASSIFIED
> Nor should it be confused with security or safety. A signature does not turn dangerous code into safe code. The problem here isn't authenticity, it is misuse of power.Security does not imply safety. Security merely implies the degree of hardness from distractions to the objective. My antivirus found what it believes were two trojans in a Java download this week from Oracle. At least the download was signed and authentic, because otherwise I might be concerned.
Austin Cheney, CISSP
- --- In email@example.com, mathew <meta404@...> wrote:
> On Thu, Feb 3, 2011 at 12:33, Douglas Crockford <douglas@...>wrote:No, I am saying that trust is important, and that a signature is not a substitute for trust. It can in some cases stand as a token of trust. But a signature cannot by itself make a program trustworthy.
> > Nor should it be confused with security or safety. A signature does not
> > turn dangerous code into safe code. The problem here isn't authenticity, it
> > is misuse of power.
> So you're saying we shouldn't trust you not to misuse your power?