On Sun, 10 Mar 2019 19:46:42 +0000 mick crane <[email protected]> wrote:
> On 2019-03-10 17:13, Joe wrote: > > On Sun, 10 Mar 2019 19:35:18 +0300 > > Reco <[email protected]> wrote: > > > >> Hi. > >> > >> On Sun, Mar 10, 2019 at 04:32:42PM -0000, Curt wrote: > >> > >> > > >> > I thought he was saying the surest approach is not touching > >> > Windows with a ten foot pole, > >> > >> You're aiming too low. Not touching any non-free OS with a ten foot > >> pole would be much more like it. > >> > >> > > While bearing in mind that 'free' doesn't mean 'problem-free'. > > > > Remember how many people audited the Heartbleed code before it was > > released? > > didn't I read openSSL just had the one full time guy for thousands of > lines of code ? I believe only one person other than the writer audited the code, and this was a piece of core open-source security code. While "given enough eyeballs, all bugs are shallow", it is clear that code being open source does not automatically deliver the eyeballs. -- Joe
