by ralmidani
3491 days ago
How can I obtain reliable data on non-free software when the public cannot study the source code? You also seem to discount the possibility of _intentional_ vulnerabilities (from the user's perspective) being included in the software by its developer.
Similarly, the security community has discussed the possibility of intentional vulnerabilities in open-source software for decades. Sure, someone would probably notice if you submitted secret-nsa-exploit.patch, but it's unclear that someone would notice if e.g. you submitted a Heartbleed-style bug, not to mention something like the NSA's dual curve backdoor.
To be clear, I've been working with open-source software since the mid-90s. I think the model has a lot to offer but it's not magic. Lazy fanboy activism doesn't do anything but lower your credibility and help the companies which are arguing that open-source isn't safe to use (or isn't safe to use without paying them to manage it).