[jstummbillig]

The point is that there is zero positive correlation between a vault doing its job and telling everyone where exactly it is. The bank would happily have it hidden in different secret dimension, if they could. It makes the vault safer. It's better.

"Why would you not tell us how to get to the secret dimension if it's so great?" It's just a dumb question.

[ndsipa_pomu]

> The point is that there is zero positive correlation between a vault doing its job and telling everyone where exactly it is.

Yes, but the more important correlation is between keeping something secret and it being a bad idea (at least for some people). It's like using security through obscurity - it has to be kept secret because it's flawed, whereas a bank vault doesn't need to be in a secret location because it has other means of protecting its contents.

There's so many examples of closed source "security" that is just a clusterfuck. Not that mistakes aren't made with open source, but knowing that other people will likely look at your code tends to make people put a bit more thought into it.

[jstummbillig]

That confuses how offense/defense works in software vs real world. Publishing your vault layout will not lead to a lot of people want to use the vault and in the process submitting "patches" that you then can use and make your vault better. A built vault is not something that is easily malleable.

More people can however work on a great plan to attack it, which only has to work once, to be worth it.