From: Jeff Shultz 

On Sat, 30 Nov 2002 23:01:47 -0500, "Geo."  wrote:

>How many times have these guys gone over the code in BIND and Sendmail?
>
>Geo.

BIND 9.x was a complete re-write. I think Sendmail 8.x was as well.


>
>"Tony Williams"  wrote in message
>news:3de941a6$1{at}w3.nls.net...
>> Antti Kurenniemi wrote:
>> > "Tony Williams"  wrote in message
>> > news:3de90000$1{at}w3.nls.net...
>> >
>> >>I chose the words carefully. You have a choice to trust many people
>> >>working out in the open and having their efforts publicly
reviewed, or
>> >>to trust a single source with no third-party
corroboration. Either way
>> >>you have to trust somebody to not have made a mistake or
been malicious
>> >>- what's that saying? "Trust, but verify".
Closed source lacks the
>> >>"verify" portion.
>> >
>> >
>> > That is true to an extent - for a normal average user the open source
>lacks
>> > the "verify" as well (who has the knowledge / time
to go find out if
>some
>> > problem has been fixed in all the millions of lines of
code?). So it's a
>> > question of who to trust.
>> >
>>
>> Exactly - one vendor who makes claims which can't be independently
>> verified or a collection of developers who review each others' work in
>> the open (and who often seem to take great delight in striving to outdo
>> each other). You might not verify the fix yourself, but you can be sure
>> that others have done it for you.
>>
>> Turn the question on its head: who is it wiser to distrust?
>>
>> --
>> Tony
>>
>

--- BBBS/NT v4.01 Flag-4