Re: Another closed source shill?
If it's closed source, How the hell do you KNOW that??
Trust the vendor? Yeah, right.
Vendors who need their software to be trustworthy will have it tested and certified (at the source code level) by compliance labs. At considerable expense
Of course, you can ask "can you trust those labs" but you have to accept trust somewhere. Even open source code is only as trustworthy as the compiler you use. You can analyze the source, but can you trust the compiler you build it with? OK, so 'gcc' is open source, but are you then going to analyze it, and build it from source to be sure? What do you build it with?
If you're sceptical, you may want to look up Ken Thompson's 1984 Turing award paper "Reflections on Trusting Trust" in which he describes how to modify a compiler so that it intentionally miscompiles certain code, including itself.
"The problem is that too many people take the easy option."
I wasn't aware that there was one. Easier, maybe.
The easy option is not to check at all. It's almost as foolish as assuming that closed source code from a vendor whose business relies on its reputation is automatically worse than open source code written by a self-taught hacker with a sunny disposition.