[Asterisk-Users] Re: Advice on OS Choice

[Michael Giagnocavo]

>or 
>if policy is not followed, well then Bad Things are MUCH more likely to 
>occur.  With or without source being available.
>
>I suppose that having source can make the possibility for the occurance of
>Bad 
>Things marginally higher but it all comes down to design and policy, IMO.

And thus, you've just sealed how the lawyers are going to treat this:

"Manufacturer X could have been more careful and reduced the chances of this
tragedy occurring. Now all we can do is seek punishment for the people who
contributed to the loss of life."

You believe walking in and saying "Our policy states..." is going to work?

> This is substantially different from the encryption algorithm, where no
> amount of modifying the decryption code will result in the decryption
> code doing its work successfully without that key.

I disagree, and give my reasons in the above two paragraphs.

>> This is also why copy protection schemes have been successfully broken
>for
>> years and years and years.  It's not a question of /if/.  It's a question
>> of /how much work/.  A copy protection scheme is, after all, just a
>> variation on an integrity verification system.
>
>Agreed.  You can't possibly tell me that you expect a court to hold a
>vendor 
>liable when you can prove that the person updating the software went
>through 
>significant hoops and drastically altered the way the system works to get 
>their rogue binaries to work?  (ok maybe you can, there have been some 
>*weird* outcomes in the justice system)

So if you're calling the shots and can spend 2X the money in development
just to assure there's one less way to get you're a$$ sued off, you wouldn't
take it? 

-Michael