begin quoting DJA as of Sun, Oct 09, 2005 at 08:17:54PM -0700:
> Todd Walton wrote:
[snip]
> >As far as I'm concerned, open source software just gives me more
> >people that I'm trusting. I don't think I've ever audited a piece of
> >software to ensure that it's doing the right thing.
>
> I don't see how that follows.
>
> Given that you don't audit either application, and that App P is closed
> source with seven contributing developers while App O is open source
> with seven contributing developers, how do you figure that App O gives
> you more (or fewer) people to trust?
Well, with App P, there's a legally recognized entity that I can sue if it turns out they provided me with malware; with App O, I have no idea _who_ would be responsible, aside from myself for failing to audit and peer review umpty-thousand lines of code. (This is different from _bugs_....)

> With source code available, you at least have a list of contributors[1];
> with the closed source app you have no idea of either the number or
> identity of its contributors.

By "source code available" I assume you mean "open source"? (I can show you the source code of my proprietary application -- it doesn't mean you have the right to distribute it or modify it, which keeps it "closed".) I have _no_ idea as to who the contributors are to an open-source app; so I have a list -- that means absolutely jack. I don't know what people may have worked on a closed-source app, but I know who has the responsibility for that application.

> With the App_O you don't *need* to trust anyone - you can look at the
> source code yourself (or commission an audit). With App_P you can trust
> neither the source nor its contributors.

I can only audit the source code myself if I have tons of free time (i.e. I'm unemployed, retired, a student, or independently wealthy); I can only afford to commission an audit if I have considerable resources at my disposal (e.g. I am independently wealthy again). With App_P, I can take legal recourse against the vendor with far fewer resources than it would take for me to commission an audit.

> Now if you're talking about faith (that which stands as a placeholder
> for knowing), that's a different matter.

You can't ever _know_ that your application is safe. Even if you compiled it yourself.

-Stewart "The advantage of open source is you can mock bad code" Stremler

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
