Petr Slechta wrote:
> And I know the provenance of the library. Many O/S projects use Apache 
> commons libraries for example. Nobody compiles them, everybody just uses 
> them. I trust this library. I can get sources, but would you examine 
> each line of the code to be sure that the library is OK?
> 

Maybe *you* know. Maybe. But what about the rest of the world? How am 
I supposed to know where you got the jar from and what is in it?

And yes, at least in principle every line of code should be examined. 
Or at the very least, examinable. It's not open source otherwise.

-- 
blu

"Murderous organizations have increased in size and scope; they are
more daring, they are served by the most terrible weapons offered by
modern science, and the world is nowadays threatened by new forces
which, if recklessly unchained, may some day wreak universal
destruction."  - Arthur Griffith, 1898
----------------------------------------------------------------------
Brian Utterback - Solaris RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
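The check the reply is asking for (where did this jar come from, and what is actually inside it) can be made mechanical. The following is an added example, not code from the original thread or from any Apache project: it compares a jar against a digest pinned from an independent source and lists every entry that falls outside the packages the library is expected to ship. The allow-list prefixes, the pinned digest and the sample jar contents are all constructed for the example.

```python
import hashlib
import io
import zipfile

# Hypothetical allow-list: the package prefixes a commons jar is expected to
# contain. In practice this is derived from the upstream source tree, not from
# the jar under test.
ALLOWED_PREFIXES = ("META-INF/", "org/apache/commons/")


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the raw jar bytes."""
    return hashlib.sha256(data).hexdigest()


def inspect_jar(jar_bytes: bytes, pinned_sha256: str, allowed_prefixes=ALLOWED_PREFIXES) -> dict:
    """Check a jar against a pinned digest and report entries outside the expected packages.

    The pinned digest must come from a channel independent of the download
    itself (a signed release announcement, a checked-in lock file, a build you
    did from source), otherwise the comparison proves nothing.
    """
    digest_ok = sha256_hex(jar_bytes) == pinned_sha256.lower()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = zf.namelist()
    unexpected = [n for n in names if not n.startswith(allowed_prefixes)]
    return {"digest_ok": digest_ok, "entries": names, "unexpected": unexpected}


def build_sample_jar(extra_entries=()) -> bytes:
    """Constructed sample jar (not a real Apache Commons artifact).

    Fixed timestamps keep the bytes deterministic so a digest can be pinned.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entries = [
            ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
            ("org/apache/commons/lang3/StringUtils.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16),
        ] + list(extra_entries)
        for name, data in entries:
            info = zipfile.ZipInfo(name, date_time=(2008, 1, 1, 0, 0, 0))
            zf.writestr(info, data)
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_jar()
    pinned = sha256_hex(good)  # stands in for a digest obtained out of band
    print(inspect_jar(good, pinned))

    # A jar with the same name but an extra class outside the expected packages
    # fails the digest check and shows up in the "unexpected" list.
    tampered = build_sample_jar([("com/example/Extra.class", b"\xca\xfe\xba\xbe")])
    print(inspect_jar(tampered, pinned))
```

The digest comparison answers "is this the artifact I meant to use"; the entry listing answers "what is in it" at the level of packages and classes. Neither replaces reading the source, which is the point the reply makes, but both are cheap and catch the common case of a jar that is not what its filename claims.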
