|
|
|
|
|
|
by jolux
923 days ago
|
|
|
The post I was replying to said that despite being open source, nobody reads the code for Chromium and Firefox. This isn't true because people are paid to read that code. Nonetheless, anyone can still read it if they want to. This means that it's at least marginally higher risk for a state actor trying to get code into these codebases than a proprietary codebase. As I said, I think it's still pretty unlikely that Microsoft products are compromised by a state actor. It's certainly not part of my threat model. I'm not sure what point you're trying to make though. I certainly wouldn't install a system-wide HTTP proxy from a developer I didn't trust. And I don't have much of a choice but to trust Microsoft, their products are so ubiquitous I often have little choice. |
|
|
Of course, you do have a problem as you've already made clear. However, that problem stems from how Microsoft's code is closed source compared to Google's open source code. That's religious FOSS dogma which I referred to earlier, and has nothing to do with whether programmers are paid to write and examine your code.