[Discuss] NAS: encryption
Daniel Barrett
dbarrett at blazemonger.com
Wed Jul 8 21:32:37 EDT 2015
On July 8, 2015, Richard Pieri wrote:
>All of us... well, most of us anyway, myself included, were blinded
>by the illusion [that open source affords more assurance than closed
>source]. We believed if there were problems then "some smart people"
>would have noticed them and fixed them because that's what open
>source is all about. That didn't happen and we got another critical
>security flag day for the year.
Oh, please. Nobody actually believes that open source scrutiny will
find *every* security problem. The empirical evidence is that apt-get
regularly brings me security fixes, so people clearly are looking and
fixing security bugs. Some of them will get missed for a long time,
perhaps forever, but that's life because bug detection is provably
undecidable.
Dan
More information about the Discuss
mailing list