Forget Hardy

[Mario Vukelic]

On Tue, 2008-06-10 at 16:51 -0400, mwbesemer at cox.net wrote:
> I never took Karl's side, did I?  Karl and I are subscribed to many
> of the same lists, so there's a good chance I know more about him than you do.

I know everything about him that I need to know in the context of this
list.

> <snip>
> But, since you point out that the Kernal can have
> issues as well, my statement regarding Linux security stands correct.  

No, your statement is not correct. I explained to you where the security
comes from, and I am willing to elaborate if you ask for details.
Otherwise, please do with the offered information what you will.

> I was merely stating a fact that, per my experience, the helpfulness
> I was assured was available is lacking.  

But you gave not the slightest bit of an explanation or evidence for the
supposed lack of helpfulness. I can only repeat that you are invited to
state in which way there was a lack of helpfulness, and I expect people
to try and improve on it, if the complaint is warranted.

> Now... a question regarding your post.  If the fact that a code is
> open/free source encourages due diligence in finding/patching security
> problems, does it not as well encourage the lunatics out there who have
> nothing better to do then find and exploit those holes?

You refer to what is known as "security through obscurity". While it is
true that sometimes it can be helpful in the short term to have some
obscurity, in the long term security comes ultimately from secure
algorithms and code. Openness helps with that. The Wikipedia article
gives a quite good
overview: http://en.wikipedia.org/wiki/Security_through_obscurity