On 2/3/25 13:14, Paul Koning wrote: > > >> On Feb 3, 2025, at 4:08 PM, Chuck Guzis via cctalk <[email protected]> >> wrote: >> >> On 2/3/25 12:51, Wayne S via cctalk wrote: >>> If safety is of paramount importance, a supplied object or executable >>> should never be used. That’s just common sense. >>> >>> Sent from my iPhone >> >> Seems to be a cognitive disconnect, here. > > There is something there, though. If you use a binary supplied by a packager > you have to worry not just about the bugs in the original open source > project, but also about bugs added by patches created by the packager. There > is a notorious example of one of the Linux distributions (Debian?) inserting > a fatal security bug into openSSL. The original was right, but someone made a > patch that clearly demonstrated an utter lack of clue.
You miss my tongue-in-cheek observation. iPhone software isn't, to bhe best of my knowledge, open-source. How does one know or determine that there's not malware in vendor-supplied software? --Chuck
