Re: Gauntlet: source code anyone ?

[Steve George <stevege () i-way net uk>]

Hi Darren,

Sorry, I don't think I've been clear the first time.  Let me try and
restate it.

Free Speech is something we all value, desire and would be outraged if
we lost; but we also rarely use it.  When was the last time you actually
went out and spouted off about the government?  Like source code its'
significance is beyond any practical measurement, fundamentally they are
both the 'Right Thing'.  So the fact that few people use the source code
is not a good argument for the vendors to restrict it.  The option
should still be there for clients to fully inspect the product should
they wish to: afterall they are buying security and an important way to
assure this is to check the source code of the single point of failure.

That said MJR's arguments earlier in this thread illustrates a bleak but
probable future.  I don't know Marcus personally but as a he has
released all his source code I venture to say that choosing not to do so
would be a difficult step.  The fact that he is stating he will not
release the source in the future (for future products in case anyone
accuses me of misquoting) indicates how strong the commercial pressures
are.  Within companies where the security 'ethic' is less strong there
is probably no chance of source code ever being available.  Expansion in
the market place is killing security - to be dramatic.  

Solutions that come to mind are either for people to roll their own FW's
or to support a Free FW.  The problem with everyone rolling their own
FW's is that lots of clients and consultancies are resistant to it; it's
time intensive, requires more knowledge on the part of the implementor
and some clients view it as less secure than a commercial product.  The
second option would be the development of a GNU/Free alternative,  which
the community would support and use lots, a Linux of FW's as it were. 
The problem with the second option is that there has never really been
much drive in the community for developing a single(?) well-known
alternative, rather there are lots of varying but often good options.

Sorry, I was trying to be as succinct as possible in the previous mail.

Steve

Darren Reed wrote:
> In some email I received from Steve George, sie wrote:
> > It strikes me that source code availability is like free speech: you may
> > not use it but you sure notice when it's gone.
>
> Oh ?  Care to back this up with an example ?  Or are you saying that 99%
> of Americans don't need freedom of speech ?
>
> Darren