Comment on Comitis Capital announces the acquisition of Threema
vacuumflower@lemmy.sdf.org 2 weeks ago
Well, if we relax and look at this from a different angle, for much of humanity’s history advantageous knowledge was hidden or limited from competition, and in many things it still is.
Except advantageous knowledge of chemistry for early cannons, for example, could be verified. Better gunpowder.
This - can’t.
PierceTheBubble@lemmy.ml 2 weeks ago
Still, if the service is supposed to be security and privacy-oriented, how about you make the source-code available, so users can verify this for themselves?
vacuumflower@lemmy.sdf.org 2 weeks ago
Well, again, taking an unpopular but valid point of view - how good is it really to have the source code for finding vulnerabilities? Is it really harder to hide an intentional backdoor in the source code in plain sight than it is in something that’s only distributed in binaries? I have no relevant experience, but I’ve listened to a lecture by someone from Kaspersky Lab saying that.
Having commonly available source code is good for development and learning of functionality of something, but security flaws have that subgroup of backdoors.
PierceTheBubble@lemmy.ml 2 weeks ago
If open-source, a lot more eyes could be on it, and therefore intentionally implemented vulnerabilities, by Threema itself, would have a higher chance of being noticed before being able to be exploited, by both hackers and Threema (partners).
vacuumflower@lemmy.sdf.org 2 weeks ago
On the source code. Absolutely the same amount of eyes on the binary.
Anyway, there’s a joke (by Linus Torvalds, I think, but maybe I am wrong) that most of the eyes that could look at the code are attached to hands typing the thing about “more eyes”.
Source code being available is obviously beneficial for learning how a program works as a whole, or participating in its development, obviously, but for finding things hidden I’m not sure.