On Thursday, 2 November 2017 at 05:13:42 UTC, H. S. Teoh wrote:
There is another side to this argument, though. How many times have *you* reviewed the source code of the software that you use on a daily basis? Do you really *trust* the code that you theoretically *can* review, but haven't actually reviewed? Do you trust the code just because some random strangers on the internet say they've reviewed it and it looks OK?

I did make that point ;-)

Of course you can't even view closed source. So there is no way to audit it, and therefore no way to trust it. Full stop. That cannot be argued against.

On the other hand, just being open source does not mean it can be trusted - just look at the OpenSSL debacle - that's a great case study if ever there was one.

But Ken Thompson summed it all up nicely: "You can't trust code that you did not totally create yourself."

http://vxer.org/lib/pdf/Reflections%20on%20Trusting%20Trust.pdf

But the key value of open source is not that you can (or cannot) trust it, but that it's an enabler of evolution (and sometimes just a slow ;-)

Linus gave a great talk about this important principle back in 2001:

https://www.youtube.com/watch?v=WVTWCPoUt8w

