When was the last time someone looked over the entire code base of MySQL to
make sure it didn't have a trojan inside? I mean hey, theoretically, who
goes over source code? Reading other programmers' source is both painful and
difficult. It would not be hard for someone to release an OSS package,
announce it on freshmeat, have it distributed to thousands of people -- and
have malicious code inside it. I mean, hey, do you always read the Makefile
to make sure it doesn't contain a line that says "rm -rf /" for "make
install"?
Just my five nickels....
Paul Lowe
[EMAIL PROTECTED]
-----Original Message-----
From: Bud Rogers <[EMAIL PROTECTED]>
To: Debian Security <[EMAIL PROTECTED]>
Date: Sunday, October 08, 2000 6:13 AM
Subject: Is Open Source software really more secure?
>I've always taken for granted the idea that open source was inherently more
>secure because it's open to peer review. Linus said "Given enough eyes, all
>bugs are shallow." But has anyone ever done a serious study on the subject?
>I've seen plenty of emotional arguments and anecdotal evidence, but nothing
>that I would consider hard evidence.
>
>I'm doing a paper on this topic for a graduate level class in Information
>Assurance Management. I'm looking for background material for my paper. I
>would appreciate any pointers, urls, etc.
>
>--
>Bud Rogers <[EMAIL PROTECTED]>