On Fri, Mar 07, 2003 at 06:53:27PM +0800, Chong Yu Meng wrote:
>Actually, I've always had trouble buying into the "thousand eyes"
>theory, because it assumes too much about the developer community. Call
>me cynical, but I've seen too many instances of a really obvious problem
>or contradiction escaping the eyes of a great many people, and I'm not
>just talking about Linux here.

I think that the odds are much higher of getting proper fixes to open source software than proprietary, particularly when the proprietary vendor has a long history of ``Kindergarten Cryptographer's Mistakes'', and whose actions have shown that security isn't the vendor's strong point.

I don't know how many times I've looked at a piece of my own code, and not found a problem that was seen immediately when somebody took a fresh look at it. I've done the reverse as well.

How many times have security holes or Denial of Service vulnerabilities shown up that affect Linux systems, and fixes have appeared in 48 hours or less (e.g. sync flood attacks, wu-ftpd buffer overflows, etc.)?

Bill
--
INTERNET: [EMAIL PROTECTED]   Bill Campbell; Celestial Software LLC
UUCP: camco!bill              PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186           Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

With Congress, every time they make a joke it's a law; and every time
they make a law it's a joke.
                -- Will Rogers
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
