Posted: 2016-02-03 17:02
TmEE wrote: You can always compile the stuff yourself.
Being able to inspect stuff to find problems is kind of a weak argument; there are very few programmers who are willing to spend weeks or months of their lives studying such huge programs to the point where they understand enough of how something works to improve it, or to actually locate faults and fix them. Even a small program (only a few thousand lines of code) is very difficult to tackle like that...
It's not just one person looking at the source code and spending weeks or months of their life scouring through the source. For open source projects that are medium to large in size, which even have some people just reading the code who aren't programming at all, you have a better chance that one or more of the developers is not hiding a backdoor in the source (unintentional or not) as compared to closed source software. Like I wrote above, there's a gigantic reason why cryptographic libraries and algorithms are open source. There's much less of a place to hide. It's not a perfect system, as of course there was Heartbleed, but that whole codebase was totally neglected and iirc someone talked about the vulnerabilities many, many years before they started being exploited. So if anything, I think you are the one who has the weak argument. Closed source software is "just trust us software". Well, guess what, I don't use "just trust us software": code developed by a sole entity running on my hardware that has free rein to do whatever the fuck it feels like.