PGP source code

Sat, 1 Sep 2001 11:52:26 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <3.0.5.32.20010901102535.017d3878@194.62.44.61>, Nicholas
Bohm <nbohm@ernest.net> writes

>>since one cannot compile it, I cannot see how this statement can be
>>verified :-(
>
>I read it as saying that you can indeed compile it, but only for Peer
>Review purposes.

my apologies, you are correct

however - this is still not "Peer Review" as the industry (and academia)
has previously considered it:

2. Restrictions.  Except as otherwise provided herein, you may not,
without prior written permission from NAI:

        (vi) Provide, or otherwise disclose information regarding any
        discovered bugs, errors, architecture issues or problems with
        the Source Code or Compiled Code to any party other than Network
        Associates, or disclose the results of any benchmark test any
        third parties without Network Associates' prior written consent. 

This looks more like "free consultancy" than "peer review" to me.

What value is there to the community if I locate an error in the code
and cannot disclose it to anyone else. The value of "peer review" is
that I can rely upon others disclosing what they found and they can rely
upon me disclosing what I find, if anything.

I also find the restrictions (I cannot back up the source, nor can I
keep it anywhere other than on a single password protected machine)
strongly suggestive that this is an agreement meant for totally
different purposes.

- -- 
richard                     richard.clayton  @  h i g h w a y m a n . com

"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBO5C96hfnRQV/feRLEQLznwCeKJ+0Fd2h1pyejVmi+UDW94dlk20AoMWK
CjlSJswGGK13iguGgdVzhGX4
=PyyN
-----END PGP SIGNATURE-----