Date: Tue, 25 Jul 2000 15:46:14 -0400 (EDT) From: Jim Sander <jim@federation.addy.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: allow access of root user Message-ID: <Pine.BSF.4.10.10007251453001.37182-100000@federation.addy.com> In-Reply-To: <xzp1z0idp8v.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
> Yes, you do: you read the source code, just like with any other > open-source software. That's true to an extent. If you're installing for your own use, it can be very safe. The risk there would be a malicious or poor implementation, and honestly I'm not a good enough programmer to catch all the cases where that could happen even looking at the source. If you're using a "foreign" applet to connect, it's not as safe- you'd have to decompile the JAVA bytecode back into source in order to make sure what is executing matches what is published. This isn't something I'm likely to do, which is why I made the comments I did. Even open-source code that isn't "branded" by a well-respected organization isn't going to get a lot of trust. (from me) It's simply impossible for me to do an effective audit of every tool I use, so I rely upon the support and trust given by such fine organizations as FreeBSD. :) -=Jim=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10007251453001.37182-100000>