On Sun, 08 Jun 2014 04:07:12 -0400 Bill Cox <waywardgeek@xxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What would you guys think of doing two releases in Phase 1, before > doing any major changes in Phase 2? The first release could be a > simple rebranding, very similar to RealCrypt, except with new art and > a new name. The second release could update the build tool chain and > include the "short-term" fixes suggested by the audit. > > This would give us a chance to pipe-clean our release methods before > asking our users to depend on our ability to produce *any* trustworthy > code. It also would help us become familiar with the painful build > process that currently exists. I think it might help us develop > better informed opinions on issues like whether or not to drop BIOS > FDE support in order to stop depending on a 1991 version of Microsoft > Visual C. This issue bothers me, since the audit recommends updating > to use new build tools, and that would, AFAIK, make it impossible to > support the BIOS FDE driver. > > After a quick rebranded release, we could improve our process, and > then do the near-term fixes suggested in the audit, and have another > release. There are downsides to having too many releases. Users get > confused, for one thing, and it's more work for us. However, I think > showing that we are dedicated enough to do two early releases might > give people more confidence in this case. As I mentioned on the forums, I think it would be a good idea. Mainly because it will a) create trust in the userbase and b) help us get familiar with the environment before making big changes. > > One more issue: Have we identified a Mac OS X maintainer? We have a > couple people who can do Windows (including me if needed), and it > sounds like we all can do Linux. Was there a Mac OS X enthusiast > among us? It's definitely not me! As being cross-platform remains > the one really unique feature of TrueCrypt, I guess we can't drop Mac > OS X support, even though I'd like to :-) Hell no. I'm afraid I'm not. > > Bill > > I have never been served with any warrant such as an NSL, I have no > gag order of any kind, and am not under any sort of compulsion related > to the CipherShed project. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (MingW32) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlOUGbAACgkQOWoeo052SL6l+gCfd8bo1aRYXqgZX2uI01QoYfVx > xJIAnjofBpfLOF2oRMDsv+gb2/XxQY/b > =j99i > -----END PGP SIGNATURE----- > -- Niklas At the time of writing, no warrants have ever been served to me, Niklas Lemcke, nor am I under any personal legal compulsion concerning the CipherShed project. I do not know of any searches or seizures of my assets.
Attachment:
signature.asc
Description: PGP signature