- From: Emmanuel Revah <stsil@manurevah.com>
- Date: Fri, 12 Jul 2013 23:09:12 +0200
- To: public-restrictedmedia@w3.org
On 2013/07/12 22:59, Mark Watson wrote:
> On Fri, Jul 12, 2013 at 1:43 PM, Emmanuel Revah <stsil@manurevah.com>
> wrote:
>
>> On 2013/07/12 21:25, Mark Watson wrote:
>>
>>> Sent from my iPhone
>> [...]
>>
>>> Just to re-iterate, the intention is that the closed software comes
>>> from, or is at least well understood by, your browser implementor or
>>> your OS implementor. I believe you have bigger problems if you don't
>>> trust either of those.
>>
>> Are you insinuating that FOSS users are paranoid freaks? What
>> are the bigger problems? I wouldn't mind clarification.
>
> I think FOSS users are more careful about what they trust than others.
> That doesn't make them paranoid.
>
> For example, if you don't trust your browser or OS implementation then
> how do you know it is telling you the truth when it does SSL
> certificate verification or indeed any other security function? How
> do you know that the so-called anonymous mode really is anonymous, or
> rather what the implementors thought "anonymous" really meant? How do
> you have confidence there aren't gaping security holes in the
> implementation that leave you open to malware?
>
> Some people gain this knowledge through their own security review of
> the implementation source code. Other users trust the vendors of
> closed source browsers. Others trust the vendors of open source
> browsers and trust that the open source community has done this kind
> of review. What I'm saying is that IF you trust a browser/OS on all of
> the above things, why wouldn't you trust them with respect to the CDM
> they ship and vouch for?

Peer review is worthless if it can only be done by a selected group of individuals.

--
Emmanuel Revah
http://manurevah.com
Received on Friday, 12 July 2013 21:09:40 UTC