> Here's a simple quick question, the answer to which will vary
>from person to person. Why do you want the source for your security tools?
>
> Do you actually have time to do a proper inspection of the code? Is
>it because documentation is always terrible, and if you have the source, you
>can at least fall back on it? Is it so you can tinker with it? Some other
>reason?
>
Along the same lines, what if any, differences would there be had S*T*N NOT been
released with source code? Would people still have been worried? I do look upon
the source code issue from time to time, since I must debug others' code often. I do
find however, that a properly tested package, IMHO, would not require source code.
But that is the big issue is it not? Especially in the net/firewall/security community.
Although most tools and packages relating to firewalls run on UN*X systems, and most
of the history of UN*X has been that source was included, well, perhaps the story
follows... In otherwords, I would LOVE to NOT have to see/check/build a package
even on a un*x box. If I knew the company had a good rep (unlike some companies
whose name begins with Mic...) I would not at all be worried that I did not get the
code. I would however like to see/discuss reults of beta testing of the product, so
I could understand what problems, if any, had been an issue.
Just another rambling message to keep a thread going....
Rich Fitzgerald
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
"....I hope life is not a big joke, cause I don't get it..."
raf @
ezunx .
com
|
|
