On Mon, Sep 06, 2004 at 10:13:12AM +0200, Javier Fernández-Sanguino Peña wrote:
> Seriously though, all open-source projects have, in one way or another,
> different ways in which trusted parties can introduce trojans. The more
> they approach the bazaar model (vs. the cathedral model) the more the
> risks. It's a known risk of the bazaar model. Even an upstream author's
> trojaned system could introduce a trojan in the source code itself and that
> could be propagated to _all_ distributions including it if it was not
> caught in time [1]. Doesn't a saying go "don't trust code you have not
> written yourself".

I respectfully disagree that open-source/bazaar models are more at risk for trojans, or any other kind of corruption for that matter. Cathedral/closed-source models are more at risk simply because they contain more and better hiding places. The only other conclusion that could be made is that Cathedral/closed-source participants are more morally and ethically inclined; in fact, real world evidence points in the opposite direction. Don't trust those who are unwilling to show you the source.

--
Doug Jensen

