Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430075
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by lemur2
by stew on Tue 15th Jun 2010 09:17 UTC in reply to "Comment by lemur2"
stew
Member since:
2005-07-06

As soon as you're going through a distribution, you're in the same situation as with commercial closed source software: you're putting your security into someone else's hand.

The same principles apply to both closed and open software: don't download dubious software from sketchy sources.

Reply Parent Score: 5

RE[2]: Comment by lemur2
by lemur2 on Tue 15th Jun 2010 10:11 in reply to "RE: Comment by lemur2"
lemur2 Member since:
2007-02-17

As soon as you're going through a distribution, you're in the same situation as with commercial closed source software: you're putting your security into someone else's hand.

The same principles apply to both closed and open software: don't download dubious software from sketchy sources.


Not quite. In fact, not at all.

With an open source system, those who package and distribute the code are not those who write the code. Anyone who receives the code can also receive the source of the code, and is therefore able to independently verify that it has been packaged faithfully. It is in the best interests of ALL parties who participate that the code be clean, functional, and written in the common best interests of all parties.

Security is therefore shared between all interested parties. Anyone can check on anyone else. Self-preservation is in everyone's interest, and because the code is open, self-preservation alone (a very selfish motivation) ensures the code is clean, and that all parties agree that it is clean.

None of this applies with closed source distribution of binary packages where the author/owner of the package is the only party who is allowed to know what is in the package.

Reply Parent Score: 1