On Sat, 10 Jan 2004, Richard L. Proctor wrote:
> Unfortunately not all of us can read and understand the source code. So it
> appears only valid to a programmer?
That's a very good point.
And is answered well by Craig in Message-Id:
<1073788877.30694.97.camel@lin-workstation.azapple.com>:
> An operating system (and when you speak of a linux distribution would
> include all of the enclosed applications) are audited not by any single
> person but by the collective whole. No single person I know has the
> time, talents and energy to audit the entire source tree for errors or
> malicious code. This audit is performed by the collective whole - the
> mass of users including the few that pore through the source code to
> modify it, borrow parts for other projects or just need to compile it
...
I want to add to that ... the people reviewing or reusing the code usually
do not have an agenda or employer that may require them to keep potential
security issues secret.
Jeremy C. Reed
http://bsd.reedmedia.net/