[sword-devel] what problem are you trying to solve? (Re: encryption and integrity checking.)
karl at kleinpaste.org
Wed Mar 11 20:32:26 MST 2009
Jonathan Morgan <jonmmorgan at gmail.com> writes:
> You mean publishers need to have an argumentation base? Since they
> claim ownership of the text, their word is law, no matter how dubious
> you may think the decisions they make are.
> They are open source, and thus suspect by default. Does anything more
> need to be said?
Good gracious, yes; that is hardly all there is to say. I have a couple
inclinations, some more hostile than others.
First, on defeatism: Choosing to lay down and die upon a user's idiotic
attitude that "open source is suspect," not engaging them further
because "nothing more need be said," is not the way to win the hearts
and minds of anybody, or to gain progress for what we do.
Second, hostility: Publishers so dumb as to be unable to evaluate actual
risk (and thereby fail their obligations for due diligence) can just
kiss off. Personally, I'm not interested in helping publishers who not
only *are* dumb as a post, but who decide to *stay* dumb as a post.
Everyone starts out ignorant; ignorance itself is not blameworthy. But
ignorance can be corrected, and those who won't correct their ignorance
are best left to the ash heaps of history. (This is not defeatism; this
is the suitable reaction to refusal to accept education [see below].)
"Open source is suspect" is an irritatingly vacuous form of ignorance
and prejudice, as can be demonstrated most aptly, to say nothing of
trivially, by pointing out that their browser's SSL capability is based
on open source, even if they use IE.
Third, education: Troy has recounted having been asked by publishers
about security in the context of encrypted content, including brief
description of keys and content delivery. Obviously, Troy has not taken
the perspective that "their word is law," and that's wise. "Their word"
is merely one position to take, which should be treated as an
opportunity for education. When they are bright enough not to believe
such PR ("open source programs are insecure"; "Internet delivery can be
hacked"; pick any of a dozen other wrong statements about this kind of
work), then an argumentative case can be taught for why what we do is a
More information about the sword-devel