On 01.09.2014, jd1008 wrote:
> As I said, the caveat of all add-ons is that they are just as mysterious
> with respect to their actual content as FF itself - and for that matter,
> Windows and Linux and Unix/variants, are just as mysterious. I say this
> because even with open source software, does anyone really have the
> time (AND THE KNOW-HOW) to identify malware in open source?

It's all about trust and your threat model. There are no guarantees, as you just explained. You can review the suspicious code yourself, and if you're not able to do so, you have to trust others. There is no 100% security.

> Tens or perhaps hundreds of millions of lines of code (including all
> the apps and libraries). Who is going to do this kind of sanitization??

The community which develops the respective piece of software. Most open source software is not a solo project, especially not the big ones. Look at the kernel itself: there are thousands of volunteers who contribute, and every piece of code is posted on a mailing list in order to be reviewed by others. This is no guarantee either, but it is an actual review of the code.

> I posit that if there is an honest to truth company that can do this
> (sanitize all open source SW of Linux), would and could charge arms
> and legs for such a product.

Please repeat with me: "there is no 100% security" ;-)

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org