Mailing List Archive



[tlug] Last week Mac, this week Linux



Darren Cook writes:

 > Amused that someone thought this meant open source's claim to be more
 > secure was no longer true.

At least on Goodin's blog on GnuTLS I didn't see any comments to that
effect.  What I saw was "many eyes doesn't help with hard bugs unless
some of them are smart and looking carefully."  And that is quite
true, and important in the case of security code.

What's important about open source is that if you care to be secure,
you can audit it yourself (catching some bugs if you're good at that
kind of thing), and patch it yourself from other people's fixes in
good time rather than depending on a vendor to inform you and provide
a fix.

As for the case in point, I don't know the people who actually *write*
the code, but the code in that GnuTLS file was pretty awful, chaining
gotos and initializing the status code to "verified" -- I tend to give
hyc quite a bit of credence on "they can't design their way out of a
paper bag" based on just that file.
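The hazard behind "initializing the status code to 'verified'" combined with chained gotos, as an added example that is not part of the original message and is not GnuTLS code: when the default is success, a single error path that jumps to cleanup without overwriting the status reports a pass. `struct cert`, the enum and both function names are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>

/* Constructed stand-in for a parsed certificate (hypothetical, not a GnuTLS type). */
struct cert { int parse_ok; int is_ca; int sig_ok; };

enum { NOT_VERIFIED = 0, VERIFIED = 1 };

/* Fail-open: the status starts as VERIFIED, so every error path must
 * remember to overwrite it before jumping to cleanup. One forgets. */
int check_fail_open(const struct cert *c)
{
    int result = VERIFIED;
    if (!c->parse_ok)
        goto cleanup;               /* defect: result is still VERIFIED */
    if (!c->is_ca) {
        result = NOT_VERIFIED;
        goto cleanup;
    }
    if (!c->sig_ok) {
        result = NOT_VERIFIED;
        goto cleanup;
    }
cleanup:
    return result;
}

/* Fail-closed: the status starts as NOT_VERIFIED and is set to VERIFIED
 * in exactly one place, reached only after every check has passed. */
int check_fail_closed(const struct cert *c)
{
    int result = NOT_VERIFIED;
    if (!c->parse_ok || !c->is_ca || !c->sig_ok)
        goto cleanup;
    result = VERIFIED;
cleanup:
    return result;
}

int main(void)
{
    struct cert unparsable = { 0, 1, 1 };   /* constructed sample input */
    printf("fail-open:   %d\n", check_fail_open(&unparsable));
    printf("fail-closed: %d\n", check_fail_closed(&unparsable));
    return 0;
}
```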


