> On Feb 3, 2025, at 3:42 PM, Donald Whittemore via cctalk 
> <[email protected]> wrote:
> 
> I was not being specific on language or the app. I was questioning the 
> general impression that open source is safe(r). If I am not proficient in the 
> source language or have the ability to create my own executable I don’t see 
> how open source is ‘safer’ for the average Joe or app.

That's true but that's because of your limitations, not because of the nature 
of open source.

Open source is the "thousand eyeballs" notion that more review is better.  
Those eyeballs need to be skilled, not just in the programming language used 
but more importantly in the subject matter of the code.  You can't be a good 
open source compiler reviewer if you're not skilled in compilers.  You can't 
verify the correctness of, say, GPG, if you don't know cryptography.

The general population of software users is the beneficiary of all those 
eyeballs; it isn't necessary for every last one of them to do the reviewing.

        paul
