3 Feb
2025
3 Feb
'25
2:52 p.m.
On 2/3/25 13:14, Paul Koning wrote:
You miss my tongue-in-cheek observation. iPhone software isn't, to bhe
best of my knowledge, open-source. How does one know or determine that
there's not malware in vendor-supplied software?
--Chuck
On Feb 3, 2025, at 4:08 PM, Chuck Guzis via
cctalk <cctalk(a)classiccmp.org> wrote:
On 2/3/25 12:51, Wayne S via cctalk wrote:
There is something there, though. If you use a binary supplied by a packager you have to
worry not just about the bugs in the original open source project, but also about bugs
added by patches created by the packager. There is a notorious example of one of the
Linux distributions (Debian?) inserting a fatal security bug into openSSL. The original
was right, but someone made a patch that clearly demonstrated an utter lack of clue.
If safety is of paramount importance, a supplied
object or executable should never be used. That’s just common sense.
Sent from my iPhone
Seems to be a cognitive disconnect, here.