Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Mon, 22 Dec 2003 20:53:33 -0500
From: Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Unable to compile cygwin
Message-ID: <20031223015333.GA7322@redhat.com>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <BAY9-F16kERMwSuWPjm00018ce5 AT hotmail DOT com> <20031222215956 DOT GB32638 AT redhat DOT com> <bs7rcu$bcf$1 AT sea DOT gmane DOT org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <bs7rcu$bcf$1@sea.gmane.org>
User-Agent: Mutt/1.4.1i
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com
Note-from-DJ: This may be spam

On Mon, Dec 22, 2003 at 04:31:57PM -0600, Jim Ramsay wrote:
>Christopher Faylor wrote:
>>Yeah.  You're right.  It's better to just assume it's gloriously
>>trustworthy if it's free software and maliciously bad if it comes from
>>Microsoft.
>
>I like your sarcasm, but I prefer to assume that the only truly secure
>network is one without computers attached, and the only truly secure
>computer is one with no OS, or no users :)
>
>Sadly both of these are hard to do anything useful with, so in reality
>I believe (in general) it is easier to check the security of an
>open-source product since I can look at the source code and see if
>there are unchecked buffers, backdoors, etc.  I am by no means a
>security expert, so I'm sure I'd miss lots of things, but theoretically
>there are lots of other people also checking the same code as me and
>helping make things more secure.

This is a very good point and it is one of the reasons why free software
is so powerful.  So, in theory, free software *should* be more secure.
It varies, in practice, however, depending on the project.

Cygwin went many years before anyone cared enough to start looking into
making it more secure.  So, theoretically, it did not benefit very much
from all of the theoretical eyes looking at the source code.  In fact,
the usual questions to this mailing list on this issue do not evince the
slightest desire to investigate source code.  It is refreshing to see
someone approaching things from this angle even if it is unfortunate
that the person had problems (which I can't explain) building cygwin.
--
Please use the resources at cygwin.com rather than sending personal email.
Special for spam email harvesters: send email to aaaspam AT sourceware DOT org
and be permanently blocked from mailing lists at sources.redhat.com

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/