My own thoughts as a sometimes-opensource developer:
1. Opensource allows you to leverage the community. They will sometimes
research problems, fix bugs, or develop features.
2. Opensource allows people to answer their own questions. Documentation
always drifts from implementation. If you want to know how something works,
read the code. It may take some effort, but you'll know how it works.
3. Opensource inhibits "security through obscurity" by preventing
obscurity. You're less likely to do dumb things in plain sight, and more
likely to get caught if you do.
Being able to "build it yourself" is the benefit that seems to have most
been talked about in this thread, but then you go down the rabbit-hole of
"... but did you build the compiler yourself?" and "... but did you build
the compiler that compiled the compiler yourself?".
Scott
On Mon, Feb 3, 2025 at 1:03 PM Tony Jones via cctalk <cctalk(a)classiccmp.org> wrote:
On Mon, Feb 3, 2025 at 12:51 PM Donald Whittemore via cctalk <cctalk(a)classiccmp.org> wrote:
If I don’t have the code expertise or compiling capability, how do I know the executable is safe?
How do you know a closed-source executable is safe? Hackers have
installed vulnerabilities into closed source software.
As previously said, even if you have the code expertise and ability to
re-compile you're trusting your compiler.
You seem to be looking for a guarantee that doesn't exist.
Now whether 1,000,000 eyeballs looking for bugs in open source code
results in a "safer" end product, given that there are an arbitrary number
of bad actors who can also look for vulnerabilities, is an issue of
legitimate debate. Of course many of these are already looking through
closed source binaries for vulnerabilities.