On Sat, Dec 8, 2018 at 7:07 AM Pablo Rath <[email protected]> wrote:
> On Fri, Dec 07, 2018 at 04:52:22PM -0500, Hendrik Boom wrote: > > On Fri, Dec 07, 2018 at 12:59:44PM +0100, Pablo Rath wrote: > > > > > > How do you know if the source is closed? :) > > > > Let's assume this is a real question. > > Hendrik, I am sorry. I see, I have phrased my (rhetoric) question > poorly. What I meant and should have written is mor like: "How can you > know if a > software behaves well and doesn't shoot the cat when you can't audit the > source code?" > I must point out an error here: Ken Thompson proved that auditing source code (of software and the toolchain used to build it) is meaningless in his paper "Reflections on Trusting Trust". That paper/talk was released 34 years ago, and it wasn't theoretical -- it was based on malware that he'd successfully released into the wild many years before. (That said, I still prefer to be able to read the source -- just saying we shouldn't attribute disproven benefits to source reading!). -Chris _______________________________________________ arm-netbook mailing list [email protected] http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to [email protected]
