On Sun, 2008-05-18 at 12:42 +0200, Florian Weimer wrote:
- Ben Finney:
Florian Weimer <fw@deneb.enyo.de> writes:
- MJ Ray:
didn't mention how free (as in freedom) software allows any random end-user to check or have it checked.
How is this different from proprietary software?
Either this is obvious, or I'm not understanding the question.
Software that doesn't give the user freedom to inspect the source code and pass it on to others doesn't allow the user to check the software themselves or have someone else check it and pass it along to them. This is distinct from free software, which allows all of this.
These days, there's hardly any widely used piece of proprietary software for which you can't get the source code. You can't make modifications, and there might be restrictions with whom you can share your results, but security reviews based on source code are definitely possible.
But you might of course get sued by an IPR holder if you then worked on a similar project and they claimed you had stolen their idea that you saw in their code. Shared source has specific risks to the user that FOSS doesn't have.
It's also not clear if source code availability is that helpful for uncovering security bugs.
Certainly there are some deterrents to exercising the right to go and take a look depending on how the proprietary software is licensed. Whether this makes a practical difference? Who knows?
Ian