On Fri, Oct 31, 2008 at 16:40, JJB <[EMAIL PROTECTED]> wrote:
> If I was able to read and understand the source, I would probably be
> contributing to it.

It really doesn't take that much; you don't even have to be a programmer per se. Reading source code may speed up the process, but identifying replicable errors is probably one of the biggest time consumers, and anyone can do that.

> Isn't there usually an oversight process in which source
> commits are reviewed by someone before being accepted? Otherwise someone
> could be putting back doors or spy-code into the source code?

Usually projects have commits limited to a small group; once you're in, though, few have code audits. Stuff gets caught (if ever) by end-users or random chance.

> If I worked for an alphabet soup agency, I would certainly ***love*** to be
> involved in open source development!

That's often speculated, but unless the exploit were extraordinarily clever in nature, the potential social damage a TLA would take for subverting a public project _and_ getting caught is immense. Risk v. return: it's easier to just get a warrantless wiretap, as often as not.

> With closed source software there is a level of accountability - if
> something like that was discovered the company's reputation would suffer,
> there could even be lawsuits, loss of revenue, etc.

Bah. I've worked for companies with closed software, and what goes on behind closed doors is worse than what happens in the open. Faking reports, outright lies, etc. Reputations never suffer; marketing adds another glossy and blames it on a "glitch with their supplier in India". Someone too insignificant to matter gets their head on a platter, and the company continues to make mad gobs of money.

> My understanding (perhaps ignorant) is that there is some kind of process in
> most group-effort open source projects, especially of this importance, to
> screen code before it is committed to cvs or svn or whatever version
> tracking software is used.

See above comment; seldom, if ever, do any projects institute code audits after a member's breaking-in period.
RB

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Commercial support available - https://portal.pfsense.org
