Hi Peter,
On 2013-10-09 18:20, Peter van Arkel wrote:
I also understand your point though, since the software is OSS, it
should be fairly easy to check for backdoors :)
besides the following 3 facts:
1. that I (and i guess 95% of all other users) can hardly read ANY
serious code
2. that it should not be "fairly easy" for anyone to read the entire
code base of such a huge project such as pfSense
3. that generally *in reality* nobody bothers to review any code
because everyone thinks that "the huge user base of this open source
project" surely does
.. please also keep in mind, that even reading and understanding code in
some cases might not be sufficient, because of
https://en.wikipedia.org/wiki/Obfuscation_%28software%29
By my opinion the often proclaimed higher security of open source due to
"everyone can 'just' read the code and check himself" is nothing more
than a myth...
Yes, you *could* check. But does anybody? Check the *entire* code and
get the big picture? I guess in 99% of smaller projects no one has EVER
checked any serious amount of code - let alone the the entire code base
- besides the developer himself...
But again back to my main question: My main question was not if the code
includes bad things, but if the company behind pfSense has been
approached (yet) by authorities to comply with their Orwellian global
police state phantasy.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
