On Mon, Feb 3, 2025 at 2:08 PM Donald Whittemore via cctalk <cctalk@classiccmp.org> wrote:
> I am an old mainframe guy. I could give you my COBOL deck of cards or the
> compile listing. You could pore through the code looking for
> nefarious/malicious code. I then hand you the object deck. You have no idea
> if it matches the code you looked at. The only way you could be sure is to
> compile the code I gave you and use your own object deck.

That's basically true but "why Open Source" goes way beyond that.

From the start, Open Source wasn't focused on "this is good for security" but "I should have the right to repair". In the face of 100% proprietary software, users have to beg the vendor to fix bugs, add features, then there's what happens to products that are abandoned and the OS moves on and updates are mandatory (system calls, adding SMP spinlocking (done that myself), and more).

At the root of Open Source is you, the user, have the right to the source code. In the early days, that's as far as it went but especially after the Morris Worm, security became very important, Open Source afforded users the ability to inspect the code for vulnerabilities in ways that you could not if all you had was the binaries.

> So why is open source these days such a beneficial thing?

Because it allows those folks with skills (or money to hire out) the _ability_ to modify software, to build on the work of others. Now, it's not just one person or company writing code, anyone it touches can have a shot.

> DeepSeek may be open source but I have no way to create my own executable.
> Besides, I don’t know what language it is written in but I bet I have no
> expertise in it. No way for me to identify nasty code.

Not all things are for all people. I don't know COBOL (I decided that back in 1978) so I would be the wrong person to evaluate or extend that, but there's plenty of stuff I can and do work on. I'm a contributor to several Open Source projects. I'm happy to help on them because I have the skills and I have the interest. Not everyone does. Some people just download and consume, and that's fine too.

> Yes, many people may have reviewed the code but that does not mean what I am
> running is the result of that code.

That's on you.

-ethan