> On Feb 3, 2025, at 4:08 PM, Chuck Guzis via cctalk <cctalk@classiccmp.org> 
> wrote:
> 
> On 2/3/25 12:51, Wayne S via cctalk wrote:
>> If safety is of paramount importance, a supplied object or executable should 
>> never be used.  That’s just common sense.
>> 
>> Sent from my iPhone
> 
> Seems to be a cognitive disconnect, here.

There is something there, though.  If you use a binary supplied by a packager 
you have to worry not just about the bugs in the original open source project, 
but also about bugs added by patches created by the packager.  There is a 
notorious example of one of the Linux distributions (Debian?) inserting a fatal 
security bug into OpenSSL. The original was right, but someone made a patch 
that clearly demonstrated an utter lack of clue.

        paul
