Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!uunet!stanford.edu!ATHENA.MIT.EDU!tytso
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Newsgroups: comp.protocols.kerberos
Subject: Re: Integrity of MIT source
Message-ID: <9103081720.AA29253@tsx-11.MIT.EDU>
Date: 8 Mar 91 17:20:04 GMT
References: <9103081659.AA21439@ATHENA.MIT.EDU>
Sender: news@shelby.stanford.edu (USENET News System)
Reply-To: tytso@ATHENA.MIT.EDU
Organization: Internet-USENET Gateway at Stanford University
Lines: 17


   From: pato@apollo.com (Joe Pato)
   Date: Fri, 8 Mar 91 11:40:30 EST

   It may be true that a vendor does not release the source code to
   Kerberos - but then again the vendor probably also does not release
   the source code to the OS or to the login program or any other
   component of the trusted computing base.  

True; but then again, one of the reasons why I asked for a VS 3100 on my
desk instead of a Decstation is that we run BSD 4.3 on Vax
architectures, and we run Ultrix 3.1 on the Decstations.  I currently
have sources to what I run, and I consider this to be a huge win.  I
would assert that in a perfect world, everyone should have the option of
perusing the TCB if they so choose.

						- Ted