Re: On the definition of source

To: debian-legal@lists.debian.org
Subject: Re: On the definition of source
From: Rich Walker <rw@shadow.org.uk>
Date: Fri, 22 Jul 2005 00:56:12 +0100
Message-id: <[🔎] m3k6jjsogz.fsf@shadow.org.uk>
References: <[🔎] E1Dutmx-0008Ee-00@chiark.greenend.org.uk> <[🔎] 20050720002424.4590f1ee.frx@winstonsmith.info> <[🔎] E1Dv1g0-0000JE-00@chiark.greenend.org.uk> <[🔎] 20050720171707.GX29429@archimedes.ucr.edu> <[🔎] E1DvItD-00051F-00@chiark.greenend.org.uk> <[🔎] 20050720181941.GY29429@archimedes.ucr.edu> <[🔎] E1DvX5S-0007Aq-00@chiark.greenend.org.uk> <[🔎] 20050721192246.GF29429@archimedes.ucr.edu> <[🔎] 625a0e650507211425768fc4c8@mail.gmail.com>

"Michael K. Edwards" <m.k.edwards@gmail.com> writes:
[snip]
> If you're going to accept programs for inclusion in main that are
> written and maintained by people with an agenda -- which includes but
> is not limited to corporate backers who profit from the sale of tied
> produces and services -- you have to recognize that not everything
> about their design goals and inner wokings is fully disclosed.  The
> classic example is DES; the S-boxes were designed to be resistant to
> differential cryptanalysis, which was unknown in the public literature
> at the time (see
> http://en.wikipedia.org/wiki/Differential_cryptanalysis ).  Commercial
> users just had to take the NSA's (i. e., MITRE's) word for it that
> S-box tweaking was motivated by a desire to strengthen DES rather than
> to Trojan it.

I think you mean:

  The story that is circulated now about the tweaking of the S-box is
  that it was to make DES more resistant to differential cryptanalysis,
  which was unknown at the time.

Once you allow systems to exist with poor disclosure of the construction
process of their internals, you have opened up a back door wide enough
to drive a thousand exploits through.

If you are aware that the providers of the system have an agenda, then
it actually makes sense to work *harder* on the "full disclosure of all
components necessary to reconstruct" angle than you would otherwise.

(Yes, I *am* in the business of producing stuff that you can only
reproduce part of from the design data.)

cheers, Rich.

-- 
rich walker         |  Shadow Robot Company | rw@shadow.org.uk
technical director     251 Liverpool Road   |
need a Hand?           London  N1 1LX       | +UK 20 7700 2487
www.shadow.org.uk/products/newhand.shtml

Reply to:

Follow-Ups:
- Re: On the definition of source
  - From: "Michael K. Edwards" <m.k.edwards@gmail.com>

References:
- Re: generated source files, GPL and DFSG
  - From: Matthew Garrett <mgarrett@chiark.greenend.org.uk>
- Re: generated source files, GPL and DFSG
  - From: Francesco Poli <frx@winstonsmith.info>
- Re: generated source files, GPL and DFSG
  - From: Matthew Garrett <mgarrett@chiark.greenend.org.uk>
- Re: generated source files, GPL and DFSG
  - From: Don Armstrong <don@debian.org>
- Re: generated source files, GPL and DFSG
  - From: Matthew Garrett <mgarrett@chiark.greenend.org.uk>
- On the definition of source [Was: Re: generated source files, GPL and DFSG]
  - From: Don Armstrong <don@debian.org>
- Re: On the definition of source [Was: Re: generated source files, GPL and DFSG]
  - From: Matthew Garrett <mgarrett@chiark.greenend.org.uk>
- Re: On the definition of source [Was: Re: generated source files, GPL and DFSG]
  - From: Don Armstrong <don@debian.org>
- Re: On the definition of source [Was: Re: generated source files, GPL and DFSG]
  - From: "Michael K. Edwards" <m.k.edwards@gmail.com>

Prev by Date: Re: generated source files, GPL and DFSG
Next by Date: Re: generated source files, GPL and DFSG
Previous by thread: Re: On the definition of source [Was: Re: generated source files, GPL and DFSG]
Next by thread: Re: On the definition of source
Index(es):
- Date
- Thread