On Feb 3, 2025, at 3:42 PM, Donald Whittemore via cctalk <cctalk(a)classiccmp.org> wrote:
> I was not being specific on language or the app. I was questioning the general impression
> that open source is safe(r). If I am not proficient in the source language or have the
> ability to create my own executable I don't see how open source is 'safer' for the average
> Joe or app.
That's true, but that's because of your limitations, not because of the nature of
open source.
Open source is the "thousand eyeballs" notion that more review is better. Those
eyeballs need to be skilled, not just in the programming language used but more
importantly in the subject matter of the code. You can't be a good open source
compiler reviewer if you're not skilled in compilers. You can't verify the
correctness of, say, GPG, if you don't know cryptography.
The general population of software users is the beneficiary of all those eyeballs; it
isn't necessary for every last one of them to do the reviewing.
paul