
Path: ...!eternal-september.org!feeder2.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lasse Langwadt <llc@fonz.dk>
Newsgroups: sci.electronics.design
Subject: Re: OT: Linix goes politics
Date: Mon, 28 Oct 2024 23:06:25 +0100
Organization: A noiseless patient Spider
Lines: 38
Message-ID: <vfp1t1$16gfh$1@dont-email.me>
References: <vff5rp$1c1v6$1@solani.org>
 <d3gnhj1v9pt3aea029c1q1lotbm7pemrv2@4ax.com> <vfhgnr$3df73$1@dont-email.me>
 <vfiq7d$3nt4g$1@dont-email.me> <vfjbks$3qpod$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 28 Oct 2024 23:06:26 +0100 (CET)
Injection-Info: dont-email.me; posting-host="fbaf72dc6052cdf2b0578ab06f61b320";
	logging-data="1262065"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/xmJnK8mhm2A/ZLgS5cplP0FGq+xYqqKo="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:BPxnTU4tLc0TQ8LbIXHmBGQtxdw=
In-Reply-To: <vfjbks$3qpod$1@dont-email.me>
Content-Language: en-US
Bytes: 2947

On 10/26/24 20:15, Don Y wrote:
> On 10/26/2024 6:18 AM, Lasse Langwadt wrote:
>> And to some extent it also protects Russian contributors from being 
>> the target of being forced to add "bad things"
> 
> The problem with FOSS is the naive belief that "lots of eyes"
> looking at the code *will* discover errors, bugs, etc.  This
> is just wishful thinking.
> 
>  From "KLEE: Unassisted and Automatic Generation of High-Coverage
> Tests for Complex Systems Programs":
> 
>       "We also used KLEE as a bug finding tool, applying it to 452
>       applications (over 430K total lines of code), where it found
>       56 serious bugs, including three in COREUTILS that had been
> ---> missed for over 15 years. Finally, we used KLEE to crosscheck
>       purportedly identical BUSYBOX and COREUTILS utilities, finding
>       functional correctness errors and a myriad of inconsistencies."
> 
> So, folks have been looking at that code for "15 years" and still
> didn't notice the bugs?
> 
> The failure is in thinking that someone ELSE will have found the bugs
> and taken action on correcting them.
> 
> A "bad actor's" actions are, thus, largely inoculated from discovery.
> And, as there is no easy way of tracking down who/what may have
> already incorporated them, no easy way to "recall" those defective
> products.  (closed source would have such a provision as the owner
> of the source will likely know which products contain which bits
> of code)

Have you seen some of the closed source code that has tried to go open 
source? It usually fails because no one remembers what code was outright 
stolen, what was taken from open source in violation of licenses, 
and what was bought from a 3rd party with no right to release it, under NDA, or 
violating patents.