My own thoughts as a sometimes-opensource developer:

1. Opensource allows you to leverage the community. They will sometimes
research problems, fix bugs, or develop features.

2. Opensource allows people to answer their own questions. Documentation
always drifts from implementation. If you want to know how something works,
read the code. It may take some effort, but you'll know how it works.

3. Opensource inhibits "security through obscurity" by preventing
obscurity. You're less likely to do dumb things in plain sight, and more
likely to get caught if you do.

Being able to "build it yourself" is the benefit that seems to have most
been talked about in this thread, but then you go down the rabbit-hole of
"... but did you build the compiler yourself?" and "... but did you build
the compiler that compiled the compiler yourself?".

Scott

On Mon, Feb 3, 2025 at 1:03 PM Tony Jones via cctalk <cctalk@classiccmp.org>
wrote:

> On Mon, Feb 3, 2025 at 12:51 PM Donald Whittemore via cctalk <
> cctalk@classiccmp.org> wrote:
>
> > If I don’t have the code expertise or compiling capability how do I know
> > the executable is safe?
> >
>
> How do you know a closed-source executable is safe? Hackers have
> installed vulnerabilities into closed source software.
>
> As previously said, even if you have the code expertise and ability to
> re-compile you're trusting your compiler.
>
> You seem to be looking for a guarantee that doesn't exist.
>
> Now whether 1,000,000 eyeballs looking for bugs in open source code
> results in a "safer" end product given that there are an arbitrary number
> of bad actors who can also look for vulnerabilities is an issue of
> legitimate debate. Of course many of these are already looking through
> closed source binaries for vulnerabilities.
>