From: "Joe Barr" 



So your argument boils down to whether or not people here have taken
advantage of open source by looking at code, and fixing it if they could?

And since you don't see any evidence of that happening, you think that open
source has no advantage?

I hope I have it wrong, because that is very poor thinking.

By the way, I have fixed a problem in gPhoto for the specific camera that I
have, for the distribution I was running at the time.  I mean, if that is
all it takes to convince you of the utility of open source, welcome to the
water.





On Mon, 09 Dec 2002 20:20:18 +0000, Geo. wrote:

> "Mike '/m'"  wrote in message
> news:5l49vushnkvmoq7ve7shnf3ct9r54ld8bb{at}4ax.com...
>
>> Just because a feature (in this case, source code availability) is
>> present does not mean that every user has to use that feature.
>
> But your argument is like saying a cpu is better simply because it comes
> with appendix G of the manual. Have you found your computer lacking
> because you don't have appendix G?
>
>> Yup.  Many times.   As I mentioned previously, your ignorance is
>> showing.
>
> I was pretty specific in my example, do you have a message number here to
> refer me to because I sure don't remember anyone here posting source code
> snippets to help people fix problems? Or are you thinking I'm going to
> wander off to some remote corner of the net where the programmers hang
> out? I don't deny that those places exist and that source code is traded
> freely is it a support area for users?
>
>> And your point is?
>
> Source code is not required to fix most security issues.
>
>> >> > Nobody needs the source code to IIS to write an
ISAPI filter or
>> >> >to change a system variable.
>> >>
>> >> So?  What's your point here?
>> >
>> >It only matters to programmers. (source code that is)
>>
>> I don't agree, but you're so determined in your ignorance on this that
>> I'll just disagree and let it drop.
>
> Why? I really would like you to explain why you take the position that you
> do because I don't understand. Make me understand, please?
>
>> Yes, it is your strawman.
>
> Fine, consider it dropped.
>
>> Your messages do not indicate any such understanding.  Before you can
>> learn you have to acknowledge your ignorance.
>
> duh? Will that do? 
>
>> What wasn't mentioned in the articles you cite was that the clean source
>> code is tagged with a MD5 checksum.  After you download the source code,
>> you check validate the checksum.  That simple check would have caught
>> the tainted source code.
>
> Klaus mentioned doing this with the ISO downloads for Knoppix as well, but
> his reason was because some browsers don't get clean downloads when it's a
> large file. I can't remember ever having to do that with NT patches, I
> don't think I'd trust it anyway as you and I know very well how reliable
> signing code can be. :>
>
>> If it had occurred to Microsoft, I probably would have reacted in the
>> same manner I reacted when a hacker broke into the Microsoft corporate
>> network, and had full access to the MS source code.  Does Microsoft
>> *really* know that there were no changes made to the source code, as
>> they have publically stated?  At least with Open Source, there are
>> thousands of copies around the world that can server as 'offsite'
>> disaster recovery copies.
>
> I don't know what MS does or doesn't do for backup but I would hope they
> have a few archive copies laying around.. Maybe even an offsite backup if
> they ever talked to chronister . IIRC there are a few universities
> licensed for the source code to NT as well aren't there?
>
> Geo.

--

--- BBBS/NT v4.01 Flag-4