Re: a question about security

[Chad David <davidc@acns.ab.ca>]

The fact that the source is open is the whole point.  If I can read
the source, then I can patch the holes; not just me, but thousands
of other developers.  The more eyes that go over the code the more
likely the hole that we all know is there will be found.  Microsoft,
Cisco, 3Com and the rest rely upon there own developers and then
the users of their products to find bug / holes.

I would rather Theo or whoever fix the problem in the source before
 I find it after someone compromises my machine!


Ask you co-worker if he would prefer an OS that even after he has
read the source code he can't break, or an OS that Gates tells him
he can't break?

Chad


On Fri, 29 Oct 1999, Andrew Falanga wrote:

> Hi again,
> 
> I really hope that I don't get roasted for this one, but I was talking
> with a co-worker and he posed a question that I couldn't rightly
> answer.  The question is this, "If the soruce code (for OpenBSD) is free
> and public domain, how can the OS be secure?"  Why couldn't someone just
> look at the source code and figure out how to get in?  Or am I asking a
> dumb question?
> 
> Andrew Falanga
> 
> P.S.
> 
> This is a question that I must be able to answer as the whole reason I'm
> looking at OpenBSD (well, ok it's not the whole reason, I want to use it
> myself) is I want to convince my employers that it is the OS that we
> must use to run our web hosting site.  DNS servers, routers, web
> server...the whole ball-of-wax.
> 
> 
>