Re: Gauntlet: source code anyone ?

[Darren Reed <darrenr () reed wattle id au>]

In some email I received from Kees Hendrikse, sie wrote:
> Darren wrote:
>
> > Also, having been part of a support organisation, we have no records of
> > anyone ever asking us for product source code. In as much as I've dealt with
> > end-users, I've never even been asked about the 'security' of the firewall.
> > People assume that since it's a firewall, it's immune to attack entirely.

I didn't write the above...be careful with attributing names in email
replies.

> The number of people that ask for source code is not very relevant to the
> question if it should be available. Say you have 10000 users of a product,
> of which 9990 assume it is working flawlessly and never ask for code. The
> other 10 have a clue and want to review (parts of) the code. Do you refuse
> because 'nobody' asks? I wouldn't. 

My point is that if the bugs which exist in 4.1 *still* exist that there
has been NO review and that the claims that it should be available for
this purpose are effectively nullified.

I've heard mention of maybe one or two people who've submitted patches
for Gauntlet bugs in this thread.  If they've shipped 10,000 units then
that's .01% and if the people who wanted to review it were serious then
maybe a serious review should be organised rather than handing over the
source code to someone who may or may not have the time/skills to do it.

Darren