Steve O'Hara-Smith steve at sohara.org
Mon Jan 28 16:16:12 UTC 2019

On Mon, 28 Jan 2019 09:09:53 -0700
JD <jd1008 at gmail.com> wrote:

> On Sun, 27 Jan 2019 11:14:40 -0600, Valeri Galtsev wrote:
> >I 100% agree with Polytropon, and would just add one simple point:
> >FreeBSD is an open source system. Everyone in the World can *(and
> >some/many do)* go and audit the code for backdoors and/or vulnerabilities.
> Really???
> Audit tens or hundreds of millions of lines of code for OS,
> Compilers, Libraries, applications (especially interpreted
> language applications such as Java and JS) to search for
> trojans and vulnerabilities?
> I seriously doubt it.

	Certainly no single person or group has done so, but the main thing
is that all of it is available to be audited and much of it is known to
have been audited, which makes it a very unsafe place to attempt to hide
anything. In almost every case, commit requests are available to public code
review before they are committed.

	However much code is being written, there are more reviewers than
writers anywhere I have looked.

Steve O'Hara-Smith <steve at sohara.org>

