Debating OSS: Yubico OpenPGP bug "was NOT detected by any audit of the source code", well not competent ones... https://twitter.com/AsherLangton/status/731190908041842688 …
I disagree, it helps and it doesn't hurt...it might contribute 0 worst case but certainly it doesn't hurt technical interests
-
-
I am just disappointed with the slow migration to a different model based on commercial concerns rather than technical
-
and the apparent mismanagement of at least 2 security bugs in my mind, again I find the all != OSS dissertation as indelicate
-
I am not against OSS. I just don't want people to assume OSS == more secure. Assurance can be built without opening source.
-
yes, I disagree on the opposite "There is an inverse relationship between making a chip open and achieving security certifications"
-
that is a quote from the post, their initial OSS use is being reversed, somewhat criticized and it was poorly managed to begin with
-
Not really a reversal. No yubikey source has ever been open AFAIK. The applet loaded on Neo was badly managed 3rd party OSS.
-
incorrect, they took ownership of their fork https://github.com/Yubico/ykneo-openpgp …
-
They forked an OSS project and kept their fork open. PGPCard functionality in YK4 is unrelated code. Clearly stated in blog.
-
Only helps if someone competent is paid to look at it. I'd rather
@Yubico do that and publish results. Can be done under NDA