I think FOSS is enough because as long as you can fully read the code, it can be audited and even forked to remove BS. So I’m fine with companies developing FOSS. I don’t even really care about EEE. We can always maintain a fork of the standard at the moment you fucked with it. We can even still get your upstream changes just with the shit cherry picked out! It’s always a win.
Have you audited any of it? Would you like to try gcc or systemd for that matter? By the time you go through 1% of it the code has changed already. How many times in the past years have tremendous security breaches been caused by FOSS and been discovered months after they were in effect, and some of these by coincidence, or by corporate teams that review code?
The fact I haven’t doesn’t mean I can’t read auditors who have, who do keep track of these changes. Zero days are usually caused by things no one noticed, not things that were intentionally added by corporate overlords to spy on or backdoor a FOSS app.