On Thu, Jun 01, 2006 at 12:23:49 +0930, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> One of the points raised was: "What's the point in open source if it
> doesn't actually get examined?" We tend to take a lot of things on
> faith, and we often have to. How many of us can vet someone else's
> source? One argument I see put forward about PGP, et al, is that
> anybody who had found a flaw would be proudly crowing about it, but
> nobody has so far. Though that's countered by anyone who'd found a flaw
> because they wanted to exploit it, would be keeping it to themselves.

gpg does get looked at. A few months ago someone found a significant problem with the way it checked signatures.