When was the last time someone looked over the entire code base of MySQL to make sure it didn't have a trojan inside? I mean hey, theoretically, who goes over source code? Reading other programmers' source is both painful and difficult. It would not be hard for someone to release an OSS package, announce it on freshmeat, have it distributed to thousands of people -- and have malicious code inside it. I mean, hey, do you always read the Makefile to make sure it doesn't contain a line that says "rm -rf /" for "make install"?
Just my five nickels....

Paul Lowe
[EMAIL PROTECTED]

-----Original Message-----
From: Bud Rogers <[EMAIL PROTECTED]>
To: Debian Security <debian-security@lists.debian.org>
Date: Sunday, October 08, 2000 6:13 AM
Subject: Is Open Source software really more secure?

>I've always taken for granted the idea that open source was inherently more
>secure because it's open to peer review. Linus said "Given enough eyes, all
>bugs are shallow." But has anyone ever done a serious study on the subject?
>I've seen plenty of emotional arguments and anecdotal evidence, but nothing
>that I would consider hard evidence.
>
>I'm doing a paper on this topic for a graduate level class in Information
>Assurance Management. I'm looking for background material for my paper. I
>would appreciate any pointers, urls, etc.
>
>--
>Bud Rogers <[EMAIL PROTECTED]>