On 7/16/15 12:49 PM, alan@clueserver.org wrote:
On Thu, Jul 16, 2015 at 1:55 PM, Shelley <shelley@misanthropia.org> wrote:
On July 16, 2015 10:24:23 AM "Stephen D. Williams" <sdw@lig.net> wrote:
On 7/16/15 7:51 AM, Georgi Guninski wrote:
On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
> In a lot of ways, this is an elegant solution and could arguably be
> much more secure than desktop apps in Windows. Assuming your

Lol, is this positive or negative argument?
it can hardly be less secure than windoze imho.

Cypherpunks + Windows, what do you think?

It's making me break out in hives, stop it! :p
On 7/16/15 11:44 AM, grarpamp wrote:
*shudder* The bazillion lines of effectively unaudited code in opensource kernels and software should have the same effect upon you.

I personally have audited quite a bit of FOSS (and enough spot checkers can get pretty good coverage), but not one line of proprietary Microsoft, Oracle, or Apple code. Your fears may be misplaced.

Large companies regularly scan their open source (and proprietary code) with Black Duck's ProtexIP software. That product shows if code is "borrowed" from other places. They also have open source tools that do similar things.
The idea that open source is filled with stolen code is FUD.
"Stolen code" isn't really an issue most of the time, but can be legally if a lot is used in a way that conflicts with a license. Reusing code snippets is, to a large extent, not really a copyright issue and often fair use or use of something that isn't really protected by copyright. In any case, it is a legal issue separate from the security implications.

The FUD in question is whether there are security problems of some kind lurking in code, and whether it is easier to compromise a binary when you have source to start with. The flip side is that it is easier to hide back doors in code that has limited access to source code. Security mistakes, deliberate malware, and detection are possible in both cases, but in different ways, with different numbers of actual or potential people looking and with different likelihood of active positive or negative collusion.

sdw