Date: Sun, 13 Aug 2000 21:26:07 -0400
From: Paul Halliday <transmogrify@sympatico.ca>
To: "Andrew C. Greenberg" <werdna@mucow.com>
Cc: Christian Jacken <christian@jacken.net>, questions@FreeBSD.ORG
Subject: Re: How safe is FreeBSD?
Message-ID: <39974AAF.9FED296F@sympatico.ca>
References: <NDBBJMNNEPKCHPDOJAEBAEJJEEAA.christian@jacken.net> <p0431010fb5bbd01b2f5e@[10.0.1.4]>

AMEN.

"Andrew C. Greenberg" wrote:
>
> At 1:14 AM -0300 8/13/00, Christian Jacken wrote:
> >Hello guys,
> >
> >sometimes Microsoft supporters get me in serious trouble when it comes to
> >the questions "how should we trust our main operations to an operating
> >system made a bunch of open source programmers" and "you say that Microsoft
> >or NSI possibly have a backdoor to Windows2000, but how can we be sure that
> >there is no backdoor in Red Hat or FreeBSD"?
> >
> >Can you help me?
>
> Because, unlike Windows2000, you can audit the code yourself. All of
> the code. Each and every line.
>
> You can tell between versions when it was changed and how it was
> changed. Line by line, each and every line.
>
> In comparison, Microsoft does not permit independent code audits,
> leaving you the options only to leave it, or to take it and rely on
> Microsoft's representations and warranties: strictly limited to a
> representation that the code conforms to documentation for a period
> of 90 days. You might study the documentation all you like, but I
> suspect you will look in vain for the sentence stating that "there is
> no backdoor or other security hole in Windows2000."
>
> This is a fundamental difference between open source and proprietary
> software.
>
> Should you be incapable of doing the audit yourself, you can of
> course hire someone else to do that for you. Try to do that with
> Windows2000.
>
> Finally, if you are not inclined to audit code yourself, or to hire
> someone to audit it for you, you may choose to rely instead upon the
> consensus of a substantial and long-lived open source community that
> studies, at least aggregately, all the code. Of course, we could ALL
> be spies for your competitors, but that would be highly unlikely.
>
> Thus, you can trust the consensus of a disinterested community
> committed to their own self-interest, or you can rely on the
> non-representations of an entity interested in selling you its
> software.
>
> Relying upon the consensus of others, of course, isn't without risk
> -- but it would be entirely your choice whether to do so or not.
>
> You see, unlike Windows2000, you can audit the code yourself. All of
> the code. Each and every line.
> --
> Andrew C. Greenberg acg@netwolves.com
> V.P. Eng., R&D, 813.885.2779 (office)
> NetWolves Corporation 813.885.2380 (facsimile)
> www.netwolves.com
>
> Please use werdna@mucow.com instead of werdna@gate.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Paul H.
=======================================================================
Don't underestimate the power of stupid people in large groups.
Email: dp@penix.org & transmogrify@sympatico.ca
BIO: http://bling.dyn.dhs.org
GPG Key fingerprint: 2D7C A7E2 DB1F EA5F 8C6F D5EC 3D39 F274 4AA3E8B9
Public Key's available here: http://bling.dyn.dhs.org/texts/public.html
=======================================================================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39974AAF.9FED296F>