> On Feb 3, 2025, at 2:08 PM, Donald Whittemore via cctalk 
> <cctalk@classiccmp.org> wrote:
> 
> I am an old mainframe guy. I could give you my COBOL deck of cards or the 
> compile listing. You could pore through the code looking for 
> nefarious/malicious code. I then hand you the object deck. You have no idea 
> if it matches the code you looked at. The only way you could be sure is to 
> compile the code I gave you and use your own object deck.
> 
> So why is open source these days such a beneficial thing? DeepSeek may be 
> open source but I have no way to create my own executable. Besides, I don’t 
> know what language it is written in but I bet I have no expertise in it. No 
> way for me to identify nasty code. 
> 
> Yes, many people may have reviewed the code but that does not mean what I am 
> running is the result of that code.

Open source, properly defined, means not just that you can see the code but 
that you have the possibility of building it.  If DeepSeek is advertised as 
open source but you can't create your own executable, that's clearly false 
advertising.

The language doesn't matter so long as it's an available one.  If you don't 
know it you can learn.  For example, you could write open source code in COBOL, 
that's perfectly valid.  Not a whole lot of people are left who can check your 
work, but anyone who wants to can learn the necessary basics.

BTW, strictly speaking you should also suspect the compiler.  See "Reflections 
on trusting trust".

        paul
