On Feb 3, 2025, at 2:08 PM, Donald Whittemore via cctalk <cctalk(a)classiccmp.org> wrote:
I am an old mainframe guy. I could give you my COBOL deck of cards or the compile
listing. You could pore through the code looking for nefarious/malicious code. I then hand
you the object deck. You have no idea if it matches the code you looked at. The only way
you could be sure is to compile the code I gave you and use your own object deck.
So why is open source these days such a beneficial thing? DeepSeek may be open source but
I have no way to create my own executable. Besides, I don’t know what language it is
written in but I bet I have no expertise in it. No way for me to identify nasty code.
Yes, many people may have reviewed the code but that does not mean what I am running is
the result of that code.
Open source, properly defined, means not just that you can see the code but that you have
the possibility of building it. If DeepSeek is advertised as open source but you
can't create your own executable, that's clearly false advertising.
The language doesn't matter so long as it's an available one. If you don't
know it you can learn. For example, you could write open source code in COBOL; that's
perfectly valid. Not a whole lot of people are left who can check your work, but anyone
who wants to can learn the necessary basics.
BTW, strictly speaking you should also suspect the compiler. See "Reflections on
trusting trust".
paul