> Interesting message I got.
> Isn't that a demonstration of the *real* (no FUD) open source model
> security break points?

Actually, you just pointed out one of the Open Source security model's greatest strengths, not weaknesses.

How come? Well, think about what happened here: someone managed to gain unlawful access to a distribution point of Linux source code and altered the code to introduce a back door. The fact the file changed was found out by a "sanity check", but the true nature of the change (being a backdoor) was understood when the altered code was inspected by the community.

Now, what would have happened if this was a run of the mill closed source security firm? First of all, I seriously doubt that the fact of the change would have been detected at all, but even if it were, the sys admin discovering it would "fix the technical problem" and would never ever send it to the R&D (which is another dept. which is hated by the IT team). The nature of the change would never be detected and the back door might never even be corrected, assuming the sys admin's "fix" would be to ignore the error.

In short - people breaking in and putting in back doors happens in both open and closed source. But only in Open Source there's a real chance that someone would discover it. In closed source land it's always "someone else's problem".

Gilad

--
Gilad Ben-Yossef <[EMAIL PROTECTED]>
Codefidence. A name you can trust (tm)
http://www.codefidence.com

"Half of one of my eyes is already open. I'm going to make coffee now..."
 -- Kathi 16:08:04