To all, i do think the meaning of “Safer” needs to be explained in the context 
of this debate.

Sent from my iPhone

> On Feb 3, 2025, at 12:57, Ethan Dicks via cctalk <cctalk@classiccmp.org> 
> wrote:
> 
> On Mon, Feb 3, 2025 at 2:08 PM Donald Whittemore via cctalk
> <cctalk@classiccmp.org> wrote:
>> I am an old mainframe guy. I could give you my COBOL deck of cards or the 
>> compile listing. You could pour through the code looking for 
>> nefarious/malicious code. I then hand you the object deck. You have no idea 
>> if it matches the code you looked at. The only way you could be sure is to 
>> compile the code I gave you and use your own object deck.
> 
> That's basically true but "why Open Source" goes way beyond that.
> 
> From the start, Open Source wasn't focused on "this is good for
> security" but "I should have the right to repair".  In the face of
> 100% proprietary software, users have to beg the vendor to fix bugs,
> add features, then there's what happens to products that are abandoned
> and the OS moves on and updates are mandatory (system calls, adding
> SMP spinlocking (done that myself), and more).
> 
> At the root of Open Source is you, the user, have the right to the source 
> code.
> 
> In the early days, that's as far as it went but especially after the
> Morris Worm, security became very important, Open Source afforded
> users the ability to inspect the code for vulnerabilities in ways that
> you could not if all you had was the binaries.
> .
>> So why is open source these days such a beneficial thing?
> 
> Because it allows those folks with skills (or money to hire out) the
> _ability_ to modify software, to build on the work of others.  Now,
> it's not just one person or company writing code, anyone it touches
> can have a shot.
> 
>> DeepSeek may be open source but I have no way to create my own executable. 
>> Besides, I don’t know what language it is written in but I bet I have no 
>> expertise in it. No way to for me to identify nasty code.
> 
> Not all things are for all people.  I don't know COBOL (I decided that
> back in 1978) so I would be the wrong person to evaluate or extend
> that, but there's plenty of stuff I can and do work on.  I'm a
> contributor to several Open Source projects.  I'm happy to help on
> them because I have the skills and I have the interest.  Not everyone
> does.  Some people just download and consume, and that's fine too.
> 
>> Yes, many people may have reviewed the code but that does not mean what I am 
>> running is the result of that code.
> 
> That's on you.
> 
> -ethan

Reply via email to