From: "Geo." 

"Mike '/m'"  wrote in message
news:5l49vushnkvmoq7ve7shnf3ct9r54ld8bb{at}4ax.com...

> Just because a feature (in this case, source code availability) is
> present does not mean that every user has to use that feature.

But your argument is like saying a cpu is better simply because it comes
with appendix G of the manual. Have you found your computer lacking because
you don't have appendix G?

> Yup.  Many times.   As I mentioned previously, your ignorance is
> showing.

I was pretty specific in my example, do you have a message number here to
refer me to because I sure don't remember anyone here posting source code
snippets to help people fix problems? Or are you thinking I'm going to
wander off to some remote corner of the net where the programmers hang out?
I don't deny that those places exist and that source code is traded freely
is it a support area for users?

> And your point is?

Source code is not required to fix most security issues.

> >> > Nobody needs the source code to IIS to write an ISAPI filter or
> >> >to change a system variable.
> >>
> >> So?  What's your point here?
> >
> >It only matters to programmers. (source code that is)
>
> I don't agree, but you're so determined in your ignorance on this that
> I'll just disagree and let it drop.

Why? I really would like you to explain why you take the position that you
do because I don't understand. Make me understand, please?

> Yes, it is your strawman.

Fine, consider it dropped.

> Your messages do not indicate any such understanding.  Before you can
> learn you have to acknowledge your ignorance.

duh? Will that do? 

> What wasn't mentioned in the articles you cite was that the clean
> source code is tagged with a MD5 checksum.  After you download the
> source code, you check validate the checksum.  That simple check would
> have caught the tainted source code.

Klaus mentioned doing this with the ISO downloads for Knoppix as well, but
his reason was because some browsers don't get clean downloads when it's a
large file. I can't remember ever having to do that with NT patches, I
don't think I'd trust it anyway as you and I know very well how reliable
signing code can be. :>

> If it had occurred to Microsoft, I probably would have reacted in the
> same manner I reacted when a hacker broke into the Microsoft corporate
> network, and had full access to the MS source code.  Does Microsoft
> *really* know that there were no changes made to the source code, as
> they have publically stated?  At least with Open Source, there are
> thousands of copies around the world that can server as 'offsite'
> disaster recovery copies.

I don't know what MS does or doesn't do for backup but I would hope they
have a few archive copies laying around.. Maybe even an offsite backup if
they ever talked to chronister . IIRC there are a few universities
licensed for the source code to NT as well aren't there?

Geo.

--- BBBS/NT v4.01 Flag-4