Well, the Linux kernel for one is pretty heavily peer-reviewed. And that's even before it gets committed to the source tree, which largely is a final process overseen by Linus. So the kernel code is VERY heavily reviewed.
Look at the bugtraq mailing list. There are tonnes of people who are

a) discovering a flaw in an open source package, either by installing and mucking around, or testing it specifically for vulnerabilities (passing some sort of internal QA procedures).
b) reporting the flaws to the package authors, sometimes including a patch!
c) the author releases a fix before the vulnerability has been exploited in the wild and the discoverer gets to claim some "street cred" for finding it.

In the last 24-48 hours..

http://securitytracker.com/alerts/2005/Feb/1013078.html
ht://dig has a cross site scripting hole from unfiltered input.

http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
pgSQL has multiple buffer overruns. This was discovered by a fellow developer, unfortunately after the code had been released.

https://bugzilla.mozilla.org/show_bug.cgi?id=280664
Malicious code can meddle with your Firefox settings. See the work-flow here how a patch was submitted, it was reviewed, "super-reviewed" then approved. Then someone checked it into the various branches of the project, making it a retrospective fix?

It is virtually impossible to write 100% flawless software on a project of considerable size. I would, however, have the code out there for the world to see and have independent objective reviews of it.

Regards,

Jon

On Tue, 15 Feb 2005 00:40:40 +0100, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
> Do you know anyone that analyzes the quality of other people's
> open source code? Anyone?

