|
Rockbox mail archiveSubject: Re: mp3 cutting and pastingRe: mp3 cutting and pasting
From: Johan Vromans <jvromans_at_squirrel.nl>
Date: Wed, 11 Aug 2004 13:34:56 +0200 Fred Maxwell <rockbox_at_anti-spam.org> writes: > Malicious code was found in many closed source projects, too, but I > don't consider the discovery proof that closed source guarantees > security. What concerns me is that, in both cases I mentioned, the > malicious code went undetected for extended periods of time. Yes, one would expect the malicous code to be expected much sooner. But the bottom line is that the open source model is better than the closed source model, although it is not perfect either. > Ken Thomson's conclusion was: "You can't trust code that you did not > totally create yourself," and that "no amount of source-level > verification or scrutiny will protect you from using untrusted > code." That seems to fly in the face of your assertion that having > the source means that you can trust the code. Again, I believe in the community. We, the community, wrote the software, so we can trust it. At the least we can trust it more than software we didn't write. Again, it may not be a perfect model, I think it's better. > What is the risk for a company like ZoneLabs if their firewall was > found to contain malicious code? It doesn't have to be malicious. The code can be in error, or just overlooking certain cases (white-listing versus black-listing). For a big company (or well-known individual) that has a name (market share) to loose one would say that there's a big chance they at least did their very best to prevent this from happening (but still they won't take _any_ responsibility, read the EULA). On the other hand, this seems to be contradicted by the experiences with the flaws found in Windows and Internet Explorer. The problem is that you just don't know, and have no ways to find out. > None of the above is meant to imply that closed source is more > secure than open source or vice-versa. Very true. But with open source software at least you can do something. -- Johan _______________________________________________ http://cool.haxx.se/mailman/listinfo/rockbox Received on 2004-08-11 Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy |