On Fri, Oct 31, 2008 at 10:40 PM, JJB <[EMAIL PROTECTED]> wrote:
>
> If I was able to read and understand the source, I would probably be
> contributing to it. Isn't there usually an oversight process in which source
> commits are reviewed by someone before being accepted? Otherwise someone
> could be putting back doors or spy-code into the source code?
>
> If I worked for an alphabet soup agency, I would certainly ***love*** to be
> involved in open source development!
>
> With closed source software there is a level of accountability - if
> something like that was discovered the company's reputation would suffer,
> there could even be lawsuits, loss of revenue, etc.
>
> My understanding (perhaps ignorant) is that there is some kind of process in
> most group-effort open source projects, especially of this importance, to
> screen code before it is committed to cvs or svn or whatever version
> tracking software is used.
>
> Joel
>
Putting a back door into an open-source project is probably more difficult than doing something like that in closed source. You might remember there was a flight simulator in MS Excel. This is not a small addition, but it went on sale, undetected.

With pfSense, the source is published on the web. Any random person can read it, no questions asked. OK, so not many people would detect a backdoor if it hit them on the head, but the code is there. If you don't trust the binary, you can compile from source yourself.

Accountability is there. The devs have their reputation at stake. When I run pfSense in a production environment, my reputation is at stake, so I test the code. This is the same with any software, open or proprietary.

Trust? I don't know the devs, but yes, I trust them.

sai

---------------------------------------------------------------------
Commercial support available - https://portal.pfsense.org
