Comment by freedomben
1 month ago
Agreed, but surely you see a difference between an open source implementation that is out for audit by anyone, and a closed source implementation that is kept under lock & key? They could both be compromised intentionally or unintentionally, but IMHO one shows a lot more good faith than the other.
No. That’s your bias as a nerd. There are countless well-publicised examples of ‘many eyeballs’ not being remotely as effective as nerds make it out to be.
Can you provide a relevant example for this context?
That was an entire body of research at the University of Minnesota and the “hypocrite commits” weren’t found until the authors pointed people to them.
https://www.theverge.com/2021/4/30/22410164/linux-kernel-uni...
How long did the log4j exist?
https://www.csoonline.com/article/571797/the-apache-log4j-vu...
What was the other package that had the mysterious .?