On Fri, Sep 6, 2013 at 6:02 PM, Tim Bray <tbray(_at_)textuality(_dot_)com>
wrote:
How about a BCP saying conforming implementations of a wide-variety of
security-area RFCs MUST be open-source?
*ducks*
And the user MUST compile them themselves from the sources?
Nobody runs open source, (unless its an interpreted language). They run the
compiled version and there is no infrastructure to check up on the
compilation.
And don't forget:
http://cm.bell-labs.com/who/ken/trust.html
Ned