[Cryptography] how reliably do audits spot backdoors?

[Peter Gutmann]

Phillip Hallam-Baker <hallam at gmail.com> writes:

>I recently tried to install the IETF tool for writing in their stupid
>documentation format and found that the code would not run because it needed
>another package. 

That's why you use http://xml.resource.org/.  Someone else gets to manage to
dependency hell for you.

>Python suffers from the same dll hell idiocy as Windows used to before people
>started to get a clue and realize that shared object libraries are not your
>friend.

Linux in general seems to suffer from this.  It was always amusing seeing
Linux users make fun of Windows because of DLL hell (circa Windows 3.1), but
then go on to create their own depdency tartarus, malbolge, xibalba, naraka,
and sheol.  Open-source security tools seem to be particularly bad for this,
the amount of hacking you need to do to get something up and running often
isn't worth the effort.

Peter (yeah, I know, way off-topic).