On 7/8/2015 1:18 PM, Derek Martin wrote:
> But it does not matter; you asked if I know any such people; you did
> not ask me to prove it.  Moreover, MY trust depends neither on my
> ability nor my willingness to prove my trust TO YOU.

My willingness to trust you does. Your claim is that open source is good because "some smart people" who you are unwilling or unable to name say it is. And then you provide one cherry-picked (as far as I can tell) example to specifically name, totally missing the irony of that person's job being identifying where open source security fails. And then you tell me to figure out the rest for myself. The appropriate response in polite conversation would be something like I flip you the bird and walk away.


> The notion that open source affords only an illusion of more assurance
> than closed source is nonsense.  It is still not perfect, as surely
> no human endeavor is.

The notion is not nonsense. It's reality. It's why Bashdoor went publicly undetected for 25 years. Many eyes looked at it but none of them, not even those of the vaunted unnameables, not even yours, spotted it or twigged to the severity. All of us... well, most of us anyway, myself included, were blinded by the illusion. We believed if there were problems then "some smart people" would have noticed them and fixed them because that's what open source is all about.

That didn't happen and we got another critical security flag day for the year.

--
Rich P.
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss