On Thu, Sep 12, 2013 at 5:01 PM, Jonathan Perry-Houts <[email protected]> wrote:
> I can't speak to those packages specifically but I think the answer
> you'll get from most people, especially in this community, is that
> non-free software is inherently insecure because you can't know
> exactly what it is doing. Thus, a fully free system such as Debian
> with only main enabled or Trisquel or so is, in principle, more
> trustworthy than any system running non-free code.
>
> That said, free code can of course have bugs and security holes too.
> It's probably less likely, with a community of thousands auditing it
> versus a closed group of developers, but it happens.

This falls on the assumption that people actually audit the open source software they use, which most of the time is not the case because they have the same mentality you imply you have: "with thousands auditing it, why should I? it must be secure"... by that logic with millions auditing Android we shouldn't have had the recently huge crypto issue in Android right? You know, the one that slipped by for years. We shouldn't have had several other bugs that were years unnoticed in other software.

