To all, I do think the meaning of “Safer” needs to be explained in the context of this debate.
Sent from my iPhone

> On Feb 3, 2025, at 12:57, Ethan Dicks via cctalk <cctalk@classiccmp.org> wrote:
>
> On Mon, Feb 3, 2025 at 2:08 PM Donald Whittemore via cctalk <cctalk@classiccmp.org> wrote:
>> I am an old mainframe guy. I could give you my COBOL deck of cards or the
>> compile listing. You could pore through the code looking for
>> nefarious/malicious code. I then hand you the object deck. You have no idea
>> if it matches the code you looked at. The only way you could be sure is to
>> compile the code I gave you and use your own object deck.
>
> That's basically true but "why Open Source" goes way beyond that.
>
> From the start, Open Source wasn't focused on "this is good for
> security" but "I should have the right to repair". In the face of
> 100% proprietary software, users have to beg the vendor to fix bugs,
> add features, then there's what happens to products that are abandoned
> and the OS moves on and updates are mandatory (system calls, adding
> SMP spinlocking (done that myself), and more).
>
> At the root of Open Source is you, the user, have the right to the source
> code.
>
> In the early days, that's as far as it went but especially after the
> Morris Worm, security became very important, Open Source afforded
> users the ability to inspect the code for vulnerabilities in ways that
> you could not if all you had was the binaries.
>
>> So why is open source these days such a beneficial thing?
>
> Because it allows those folks with skills (or money to hire out) the
> _ability_ to modify software, to build on the work of others. Now,
> it's not just one person or company writing code, anyone it touches
> can have a shot.
>
>> DeepSeek may be open source but I have no way to create my own executable.
>> Besides, I don’t know what language it is written in but I bet I have no
>> expertise in it. No way for me to identify nasty code.
>
> Not all things are for all people. I don't know COBOL (I decided that
> back in 1978) so I would be the wrong person to evaluate or extend
> that, but there's plenty of stuff I can and do work on. I'm a
> contributor to several Open Source projects. I'm happy to help on
> them because I have the skills and I have the interest. Not everyone
> does. Some people just download and consume, and that's fine too.
>
>> Yes, many people may have reviewed the code but that does not mean what I am
>> running is the result of that code.
>
> That's on you.
>
> -ethan