On Tue, 28 Jun 2011, Shawn H Corey wrote:
> On 11-06-28 09:57 AM, Jean-Francois Messier wrote:
> > Actually, OpenSource is more secure, as if one does not trust a
> > compiled program, he/she can recompile from source, and perform a
> > full source code inspection, which cannot be performed on closed
> > programs. It took a lot of effort for the US government and then
> > other governments to get their hands on Windows source code,
> > invoking national security. Even then, what the consumer/user gets
> > is a closed program.
>
> The other complaint is that no-one has the time to look at the
> source, therefore security breaches will be missed. But to
> paraphrase Linus, "Many eyes make all security breaches shallow."
> Someone will look at the source and if they find something, will
> inform the community. In numbers lie security.

see my last post. i'm becoming increasingly convinced that simple
access to the entire current code base isn't *remotely* as important
as access to the entire version control log. and that's what i think
i'll emphasize.

rday
--
========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca
Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================