[Cryptography] Fork of TrueCrypt
Bill Cox
waywardgeek at gmail.com
Tue Jun 3 17:32:23 EDT 2014
On Tue, Jun 3, 2014 at 5:12 PM, <tpb-crypto at laposte.net> wrote:
> > Message du 03/06/14 21:34
> > De : "Bill Cox"
> >
> > An auto-update feature pinging the server would alert any network snooper
> > of exactly who was using the TrueCrypt fork. From a security point of
> > view, auto-update is DOA.
> >
> > I read some more posts over on truecrypt.ch. The more technical of the
> two
> > guys behind it wonders if he can buy out the zulucrypt guys. He's
> > definitely thinking of this as his new startup rather than a FOSS effort.
> > From that point of view, auto-update makes sense. I am losing confidence
> > in this team. It seems they're just interested in cashing in on
> TrueCrypt.
> >
>
> It is not a bad thing if they cash in, as long as they do a good job.
> Because they are rookies, maybe they can confuse things up, as an older guy
> you could guide them to a good outcome.
>
Absolutely true! If the truecrypt.ch guys issued a goal list that had
taking all the code in a FOSS direction, working with (but not buying)
ZuluCrypt and others, defending the code with stringent application of
KISS, and fixing TrueCrypt's poor password security, I'd be onboard even if
they were raising money. I just find that the money as often as not pushes
a FOSS project in a direction it really shouldn't go, and I think this is
especially true for crypto. Stated goals like "continual feature
enhancements" is what a marketing guy things of when there's a continual
money stream. Injuring marketing guys is probably what a lot of crypto
guys think of when they hear "continual feature enhancements".
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140603/87ad3770/attachment.html>
More information about the cryptography
mailing list