lucene-dev mailing list archives

From Chris Hostetter <hossman_luc...@fucit.org>
Subject Re: access policy for Java Open Review Project
Date Tue, 19 Dec 2006 20:03:09 GMT

: application vulnerable or is really just a "ruckus" issue?  Part of
: me thinks that b/c the code is freely available, people could find
: the security issues anyway, so we aren't really protecting ourselves
: anyway by denying access.

Personally I agree ... if the source is free, all exposing vulnerabilities
to the public can do is give more people the power to submit patches.

Anyone truly nefarious can run FindBugs (or purchase copies of the
Fortify commercial analysis applications) on the source code directly and
get the same information.

Then again: my involvement with "high profile" open source projects is
relatively short-lived ... there may very well be a lot of 'old timers'
with horror stories of past experiences that demonstrate why some aspects
of Open Source projects need to be less open than others to protect the
user base.




-Hoss

