From owner-freebsd-questions@FreeBSD.ORG Wed Jun 3 16:50:47 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 16BA11065670 for ; Wed, 3 Jun 2009 16:50:47 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) by mx1.freebsd.org (Postfix) with ESMTP id C103F8FC15 for ; Wed, 3 Jun 2009 16:50:46 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r55.edvax.de (port-92-195-65-8.dynamic.qsc.de [92.195.65.8]) by mx01.qsc.de (Postfix) with ESMTP id 076023D3AA; Wed, 3 Jun 2009 18:50:44 +0200 (CEST) Received: from r55.edvax.de (localhost [127.0.0.1]) by r55.edvax.de (8.14.2/8.14.2) with SMTP id n53GodLY001600; Wed, 3 Jun 2009 18:50:39 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Wed, 3 Jun 2009 18:50:39 +0200 From: Polytropon To: Wojciech Puchar Message-Id: <20090603185039.54cdd820.freebsd@edvax.de> In-Reply-To: References: <4ad871310906020843n3e7dc96ap28d5d622e844abf1@mail.gmail.com> <20090603004914.73f40a60@gluon.draftnet> <20090603091800.GA1177@phenom.cordula.ws> <20090603102720.GB1349@phenom.cordula.ws> <20090603133343.GB1988@phenom.cordula.ws> <4ad871310906030653o62d7e708w1a7be44334ab8dab@mail.gmail.com> <20090603152939.GF1988@phenom.cordula.ws> Organization: EDVAX X-Mailer: Sylpheed 2.4.7 (GTK+ 2.12.1; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Glen Barber , cpghost , freebsd-questions@freebsd.org Subject: Re: Open_Source X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2009 16:50:47 -0000 On Wed, 3 Jun 2009 18:21:28 +0200 (CEST), Wojciech Puchar wrote: > open source - just by being opensource - can't guarantee anything more > that availability of sources. > > It's important to stay away of all that hype that opensource programs are > just better. > > Many are, many not. I'd like to add that IF security problems get discovered in OSS, it's usually just a matter of few time that this problem gets corrected. This is mostly because the public is able to look at the source code, so many programmers with different approaches and opinions can evaluate a certain security concept, and harden it that way. There is no need even to rely on someone else to fix it - you can fix it yourself. In MICROS~1 land, you give yourself entirely into the hand of a corporation that is not interested in selling secure products, but ANY products, so you can't be sure that with the next release you can buy, a known security problem has been corrected - and if new problems are just delivered the same way. A counter-example is VMS. It is a commercial product, but highly reliable and secure. (Allthough, the sayings about the human being the weakest point in security considerations applies there, too.) -- Polytropon >From Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...