On December 8, 2018 10:28:18 AM EST, Chris Tyler <[email protected]> wrote: >On Sat, Dec 8, 2018 at 7:07 AM Pablo Rath <[email protected]> wrote: > >> On Fri, Dec 07, 2018 at 04:52:22PM -0500, Hendrik Boom wrote: >> > On Fri, Dec 07, 2018 at 12:59:44PM +0100, Pablo Rath wrote: >> > > >> > > How do you know if the source is closed? :) >> > >> > Let's assume this is a real question. >> >> Hendrik, I am sorry. I see, I have phrased my (rhetoric) question >> poorly. What I meant and should have written is mor like: "How can >you >> know if a >> software behaves well and doesn't shoot the cat when you can't audit >the >> source code?" >> > >I must point out an error here: Ken Thompson proved that auditing >source >code (of software and the toolchain used to build it) is meaningless in >his >paper "Reflections on Trusting Trust".
His talk didn't show that it's meaningless but that its not always sufficient. > That paper/talk was released 34 >years ago, and it wasn't theoretical -- it was based on malware that >he'd >successfully released into the wild many years before. > >(That said, I still prefer to be able to read the source -- just saying >we >shouldn't attribute disproven benefits to source reading!). > >-Chris >_______________________________________________ >arm-netbook mailing list [email protected] >http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook >Send large attachments to [email protected] _______________________________________________ arm-netbook mailing list [email protected] http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to [email protected]
