Message-ID: <39974AAF.9FED296F@sympatico.ca>
Date: Sun, 13 Aug 2000 21:26:07 -0400
From: Paul Halliday
To: "Andrew C. Greenberg"
Cc: Christian Jacken, questions@FreeBSD.ORG
Subject: Re: How safe is FreeBSD?

AMEN.

"Andrew C. Greenberg" wrote:
>
> At 1:14 AM -0300 8/13/00, Christian Jacken wrote:
> >Hello guys,
> >
> >sometimes Microsoft supporters get me in serious trouble when it comes to
> >the questions "how should we trust our main operations to an operating
> >system made by a bunch of open source programmers" and "you say that Microsoft
> >or NSI possibly have a backdoor to Windows2000, but how can we be sure that
> >there is no backdoor in Red Hat or FreeBSD"?
> >
> >Can you help me?
>
> Because, unlike Windows2000, you can audit the code yourself. All of
> the code. Each and every line.
>
> You can tell between versions when it was changed and how it was
> changed. Line by line, each and every line.
>
> In comparison, Microsoft does not permit independent code audits,
> leaving you the options only to leave it, or to take it and rely on
> Microsoft's representations and warranties: strictly limited to a
> representation that the code conforms to documentation for a period
> of 90 days. You might study the documentation all you like, but I
> suspect you will look in vain for the sentence stating that "there is
> no backdoor or other security hole in Windows2000."
>
> This is a fundamental difference between open source and proprietary
> software.
>
> Should you be incapable of doing the audit yourself, you can of
> course hire someone else to do that for you. Try to do that with
> Windows2000.
>
> Finally, if you are not inclined to audit code yourself, or to hire
> someone to audit it for you, you may choose to rely instead upon the
> consensus of a substantial and long-lived open source community that
> studies, at least aggregately, all the code. Of course, we could ALL
> be spies for your competitors, but that would be highly unlikely.
>
> Thus, you can trust the consensus of a disinterested community
> committed to their own self-interest, or you can rely on the
> non-representations of an entity interested in selling you its
> software.
>
> Relying upon the consensus of others, of course, isn't without risk
> -- but it would be entirely your choice whether to do so or not.
>
> You see, unlike Windows2000, you can audit the code yourself. All of
> the code. Each and every line.
> --
> Andrew C. Greenberg        acg@netwolves.com
> V.P. Eng., R&D,            813.885.2779 (office)
> NetWolves Corporation      813.885.2380 (facsimile)
> www.netwolves.com
>
> Please use werdna@mucow.com instead of werdna@gate.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Paul H.
=======================================================================
Don't underestimate the power of stupid people in large groups.

Email: dp@penix.org & transmogrify@sympatico.ca
BIO: http://bling.dyn.dhs.org
GPG Key fingerprint: 2D7C A7E2 DB1F EA5F 8C6F D5EC 3D39 F274 4AA3E8B9
Public Key's available here: http://bling.dyn.dhs.org/texts/public.html
=======================================================================