From: Thees Peereboom 

Geo,

>That was my opinion 3 weeks ago, that is not my opinion now. It's the same
>software so what this means is that my previous opinion was incorrect (or my
>current opinion is incorrect).
>
>If I go by the logic you are using then all I have to do is pass a law to
>make it illegal to tell anyone but the vendor about an exploit and suddenly
>all software is secure because nobody knows exploits exist?

No, my point is that software, either branded or OS, is only 'safe' until
the next hack is found. Your point was that OS is less safe than
'branded' software because everybody can have access to the sources of
OSS. My point is that is doesn't make much difference, the closed source of
'branded' software and vendors making every effort of keeping the hacks a
secret is at least as much a problem as the full disclosure of the OSS.

Don't get me wrong, I am most certainly not in favor of everybody running
his own adapted sources (and not documenting it), but if you organize this
in a correct way OSS can be in many cases a better solution than 'branded'
software.

>I think in most cases it would be cheaper to move to a commercial product.
>Most software today is developed by teams of programmers. Think about the
>programming effort required to maintain something like apache or samba. Even
>Knoppix, you might be able to replace Klaus with a single programmer but
>he's working with hundreds of other programmers to keep the distribution
>development going. Maybe those people keep working on it, maybe they go with
>the buyout.

Sure, I very much agree with this in many cases. That's actually my main
reason why things as 'escrow' provides most of the times some false sense
of security.

But sometimes it's worth the trouble, especially if you think that this
specific software provides you with advantages towards the competition. Or
if you don't want to be dependent on just one company, like many
governments these days in their switch from MSFT software to Linux.

- Thees Peereboom

--- BBBS/NT v4.01 Flag-4