On December 8, 2018 10:28:18 AM EST, Chris Tyler chris@tylers.info wrote:
On Sat, Dec 8, 2018 at 7:07 AM Pablo Rath pablo@parobalth.org wrote:
On Fri, Dec 07, 2018 at 04:52:22PM -0500, Hendrik Boom wrote:
On Fri, Dec 07, 2018 at 12:59:44PM +0100, Pablo Rath wrote:
How do you know if the source is closed? :)
Let's assume this is a real question.
Hendrik, I am sorry. I see, I have phrased my (rhetoric) question poorly. What I meant and should have written is mor like: "How can
you
know if a software behaves well and doesn't shoot the cat when you can't audit
the
source code?"
I must point out an error here: Ken Thompson proved that auditing source code (of software and the toolchain used to build it) is meaningless in his paper "Reflections on Trusting Trust".
His talk didn't show that it's meaningless but that its not always sufficient.
That paper/talk was released 34 years ago, and it wasn't theoretical -- it was based on malware that he'd successfully released into the wild many years before.
(That said, I still prefer to be able to read the source -- just saying we shouldn't attribute disproven benefits to source reading!).
-Chris _______________________________________________ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netbook@files.phcomp.co.uk