Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] Last week Mac, this week Linux
- Date: Fri, 07 Mar 2014 21:38:25 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: [tlug] Last week Mac, this week Linux
- References: <53190C8E.4090009@dcook.org>
Darren Cook writes: > Amused that someone thought this meant open source's claim to be more > secure was no longer true. At least on Goodin's blog on GnuTLS I didn't see any comments to that effect. What I saw was "many eyes doesn't help with hard bugs unless some of them are smart and looking carefully." And that is quite true, and important in the case of security code. What's important about open source is that if you care to be secure, you can audit it yourself (catching some bugs if you're good at that kind of thing), and patch it yourself from other people's fixes in good time rather than depending on a vendor to inform you and provide a fix. As for the case in point, I don't know the people who actually *write* the code, but the code in that GnuTLS file was pretty awful, chaining gotos and initializing the status code to "verified" -- I tend to give hyc quite a bit of credence on "they can't design their way out of a paper bag" based on just that file.
- References:
- [tlug] Last week Mac, this week Linux
- From: Darren Cook
- [tlug] Last week Mac, this week Linux
- Prev by Date: Re: [tlug] Last week Mac, this week Linux
- Next by Date: [tlug] Wifi hotspot access in Tokyo
- Previous by thread: Re: [tlug] Last week Mac, this week Linux
- Next by thread: [tlug] SOLVED: Re: Vietnamese Dvorak?
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |