Date:      Sun, 13 Aug 2000 21:26:07 -0400
From:      Paul Halliday <transmogrify@sympatico.ca>
To:        "Andrew C. Greenberg" <werdna@mucow.com>
Cc:        Christian Jacken <christian@jacken.net>, questions@FreeBSD.ORG
Subject:   Re: How safe is FreeBSD?
Message-ID:  <39974AAF.9FED296F@sympatico.ca>
References:  <NDBBJMNNEPKCHPDOJAEBAEJJEEAA.christian@jacken.net> <p0431010fb5bbd01b2f5e@[10.0.1.4]>

AMEN.

"Andrew C. Greenberg" wrote:
> 
> At 1:14 AM -0300 8/13/00, Christian Jacken wrote:
> >Hello guys,
> >
> >sometimes Microsoft supporters get me in serious trouble when it comes to
> >the questions "how should we trust our main operations to an operating
> >system made by a bunch of open source programmers" and "you say that Microsoft
> >or NSI possibly have a backdoor to Windows2000, but how can we be sure that
> >there is no backdoor in Red Hat or FreeBSD"?
> >
> >Can you help me?
> 
> Because, unlike Windows2000, you can audit the code yourself.  All of
> the code.  Each and every line.
> 
> You can tell between versions when it was changed and how it was
> changed.  Line by line, each and every line.
> 
> In comparison, Microsoft does not permit independent code audits,
> leaving you the options only to leave it, or to take it and rely on
> Microsoft's representations and warranties: strictly limited to a
> representation that the code conforms to documentation for a period
> of 90 days.  You might study the documentation all you like, but I
> suspect you will look in vain for the sentence stating that "there is
> no backdoor or other security hole in Windows2000."
> 
> This is a fundamental difference between open source and proprietary
> software.
> 
> Should you be incapable of doing the audit yourself, you can of
> course hire someone else to do that for you.  Try to do that with
> Windows2000.
> 
> Finally, if you are not inclined to audit code yourself, or to hire
> someone to audit it for you, you may choose to rely instead upon the
> consensus of a substantial and long-lived open source community that
> studies, at least aggregately, all the code.  Of course, we could ALL
> be spies for your competitors, but that would be highly unlikely.
> 
> Thus, you can trust the consensus of a disinterested community
> committed to their own self-interest, or you can rely on the
> non-representations of an entity interested in selling you its
> software.
> 
> Relying upon the consensus of others, of course, isn't without risk
> -- but it would be entirely your choice whether to do so or not.
> 
> You see, unlike Windows2000, you can audit the code yourself.  All of
> the code.  Each and every line.
> --
> Andrew C. Greenberg             acg@netwolves.com
> V.P. Eng., R&D,                 813.885.2779 (office)
> NetWolves Corporation           813.885.2380 (facsimile)
> www.netwolves.com
> 
> Please use werdna@mucow.com instead of werdna@gate.net
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 

Paul H.

=======================================================================
Don't underestimate the power of
stupid people in large groups.

Email: dp@penix.org & transmogrify@sympatico.ca
BIO: http://bling.dyn.dhs.org
GPG Key fingerprint: 2D7C A7E2 DB1F EA5F 8C6F D5EC 3D39 F274 4AA3E8B9
Public Key's available here: http://bling.dyn.dhs.org/texts/public.html
=======================================================================

