Originally posted by BO$$
Your limited view on the case, though, may give you a hard time understanding why it is mostly secure to use the Linux-Kernel: I don't write it myself, but thousands of people and even more volunteers check the Kernel code every day. If there is a security-hole, it usually gets fixed quickly. If it takes longer or people are still on an old revision, they are vulnerable. That's called the "0-day-problem".
You can't go all the way; there is no definite security or definite freedom, but:
I put my trust in the Kernel developers, because they prove to be trustworthy every single day, and I don't expect them to be infallible (no human is). Corporate commits are checked thoroughly.
I don't put trust in Microsoft, because it is not trustworthy. In the past, it has been revealed that Microsoft put an NSA-backdoor into its operating system. And we found out just a few weeks ago that it provides all Cloud-data to the NSA.
I don't put trust in Apple, because it does the same.
I don't put trust in Facebook, because it sells user-data.
I don't put trust in Adobe, because it spies on its users.
If Linus Torvalds decided to bring a patch into the Kernel to send all user-data to one of his servers, there would sure as hell be at least dozens of people noticing it. Kernel development is a process supervised by thousands of people.
Your demands are unrealistic and far from the truth. It's like asking a boss of a big construction company why he doesn't do the work of his over 1000 employees himself. He can't trust them to follow his orders exactly every day! What if they stole something? By trying to make GNU/Linux bad, you distort reality and the term "trust" into something which allegedly is only there when you do it yourself.
Of course, something _could_ happen, but the more people are involved, the less likely it is.
If you look at Microsoft, development happens behind closed doors. We don't know what they build into the software and you have to trust a company. The difference between trusting a company and trusting a community is that the former has a business plan and is greedy by definition. Its business interest is to control its customers.
A community of free software enthusiasts doesn't aim for highest profits and thus wouldn't for instance have the aim to sell the users' data. Unlike most companies, a community of this kind is normally regulated and there is no way for a single person to push through his own interests without being checked first.
Same applies to any other software project. The more people are watching, the safer you are. And if you stumble upon a small project, you could still check the source code yourself, which would normally be not too long itself.
Life is risky. Live with it.
And start putting trust in people; it's the first step to make friends. You most probably lack both.