On the source code. Absolutely the same amount of eyes on the binary.
Anyway, there’s a joke (by Linus Torvalds, I think, but maybe I am wrong) that most of the eyes that could look at the code are attached to hands typing the thing about “more eyes”.
and therefore the chances of intentionally implemented vulnerabilities
Source code being available is obviously beneficial for learning how a program works as a whole, or participating in its development, obviously, but for finding things hidden I’m not sure.
Ah sorry, it seems I read over that part. Unless programmers have the exceptional skills and time required, to effectively reverse engineer these complex algorithms, nobody will bother to do so; especially when required after each update. On the contrary, if source code was available, the bar of entry is significantly lower and requires way less specialized skills. So save to say, most programmers won’t even bother inspecting a binary, unless there’s absolutely no other way around or have time to burn. Where as, if you’d open up the source, there would be a lot more, let’s say C programmers, able to inspect the algorithm. Really, have a look at what it requires to write binary code, let alone reverse engineering complicated code, that somebody else wrote.
I agree with Linus’ statement though: I rarely inspect source-code myself, but I find it more comforting knowing, package-maintainers for instance, could theoretically check the source before distribution. I stand by my opinion that it’s a bad look for a privacy- and security-oriented piece of software, to restrict non-“experts” from inspecting that, which should ensure that.
On the source code. Absolutely the same amount of eyes on the binary.
Anyway, there’s a joke (by Linus Torvalds, I think, but maybe I am wrong) that most of the eyes that could look at the code are attached to hands typing the thing about “more eyes”.
Source code being available is obviously beneficial for learning how a program works as a whole, or participating in its development, obviously, but for finding things hidden I’m not sure.
Ah sorry, it seems I read over that part. Unless programmers have the exceptional skills and time required, to effectively reverse engineer these complex algorithms, nobody will bother to do so; especially when required after each update. On the contrary, if source code was available, the bar of entry is significantly lower and requires way less specialized skills. So save to say, most programmers won’t even bother inspecting a binary, unless there’s absolutely no other way around or have time to burn. Where as, if you’d open up the source, there would be a lot more, let’s say C programmers, able to inspect the algorithm. Really, have a look at what it requires to write binary code, let alone reverse engineering complicated code, that somebody else wrote.
I agree with Linus’ statement though: I rarely inspect source-code myself, but I find it more comforting knowing, package-maintainers for instance, could theoretically check the source before distribution. I stand by my opinion that it’s a bad look for a privacy- and security-oriented piece of software, to restrict non-“experts” from inspecting that, which should ensure that.