Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!genrad!mit-eddi!smh
From: smh@mit-eddi.UUCP (Steven M. Haflich)
Newsgroups: net.unix-wizards
Subject: Re: More comments about UNIX Security.
Message-ID: <312@mit-eddi.UUCP>
Date: Sat, 25-Jun-83 08:35:28 EDT
Article-I.D.: mit-eddi.312
Posted: Sat Jun 25 08:35:28 1983
Date-Received: Sat, 25-Jun-83 19:45:07 EDT
References: sri-arpa.2366
Lines: 16

OS security is such a challenging intellectual problem (like chess) that
its public discussion ought to be justified for that reason alone!  More
practically, everyone on the net should realize that it is almost
impossible to restrict information flow.  Three people can keep a secret
if two of them are dead, as the old saying goes.

One wizard at a site receives the security mailing, properly passes it on
to other wizards, but all it takes then is for one of them to leak the
info innocently of not to unauthorized readers.  (E.g., I have friends
at a university site, out of state and not on the net, who could
reasonably qualify for distribution.  What if I innocently pass the
stuff onto them, but they incorrectly understand the need for security.)

If you want to discuss security issues, best to do it in public.  At the
very least, assume the discussion IS public, despite best efforts to the
contrary.