On 4/5/2015 3:45 PM, Theo de Raadt wrote:
> Indeed. Kind of amusing. Entirely possible a mtier person commits to
> the port John is worried about. Like all of us they are volunteers...
>
> So John, who will you trust? And why will you trust them, or not trust them?
>
> In fact, taken far enough... why trust me?
>
> Much of the trust imparted in us is probably for two reasons:
>
> 1. the software is cheap
> 2. perception of our software management practices relative to others'
>    software management practices
>
> John, if you are paranoid, don't trust anyone... You know, these are
> ports. You trust all the upstreams?

You're right. I don't like the amount of trust involved in modern
computing. It made me uneasy before any of the recent revelations
occurred. Now it's even worse.

It's not something I obsess about but I just don't like it.

Is it a bit silly? Yeah, probably, especially since I'm probably the
most boring target ever with regards to being surveilled or whatever.
But, at least in the country I'm in, you can't walk out your door
without breaking at least a few laws. So I come back around to yeah, I
probably should take some precautions and think about these things at
least some.

You're right, I have to trust someone to use modern computer hardware
and operating systems. My strategy is to trust as few people as
possible. I trust you and the other OpenBSD developers because of your
stated principles and track record.

Yeah, the price is right too. I trust payware less than free/open
source software because I have to completely trust the software provider
with payware whereas free/open source has at least some review by
others. I haven't been able to contribute monetarily yet except buying
a LibreSSL shirt. I hope to be able to change that soon and start
contributing on a regular basis. So while the price is right more from
a perspective of free/open vs payware it isn't so much about the money
(which I truly do want to start gladly giving whenever I am able to
which should be soon).

With regards to mtier specifically, I didn't see a mention of it
anywhere on openbsd.org. So my initial reaction was thanks but no
thanks. If it really is considered trustworthy by core OpenBSD
developers then maybe I'll take another look.
--
John Merriam