Secure Transactions

Heinz Diehl htd+ml at fritha.org
Mon Sep 1 05:53:52 UTC 2014


On 01.09.2014, jd1008 wrote: 

> As I said, the caveat of all add-ons is that they are just as mysterious
> with respect to their actual content as FF itself - and for that matter,
> Windows and Linux and Unix/variants are just as mysterious. I say this
> because even with open source software, does anyone really have the
> time (AND THE KNOW-HOW) to identify malware in open source?

It's all about trust and your threat model. There are no guarantees,
as you just explained. You can review the suspicious code
yourself, and if you're not able to do so, you have to trust others.
There is no 100% security.

> Tens or perhaps hundreds of millions of lines of code (including all
> the apps and libraries). Who is going to do this kind of sanitization??

The community which develops the respective piece of software. Most
open source software is not a solo project, especially not the big
ones. Look at the kernel itself: there are thousands of volunteers
who contribute, and every piece of code is posted on a mailing list
in order to be reviewed by others. This is no guarantee either,
but it is an actual review of the code.

> I posit that if there is an honest to truth company that can do this
> (sanitize all open source SW of Linux), it would and could charge arms
> and legs for such a product.

Please repeat with me: "there is no 100% security" ;-)
