
Re: How secure is an installation with no non-free packages?



On Thu, Sep 12, 2013 at 5:01 PM, Jonathan Perry-Houts
<jperryhouts@gmail.com> wrote:
> I can't speak to those packages specifically but I think the answer
> you'll get from most people, especially in this community, is that
> non-free software is inherently insecure because you can't know
> exactly what it is doing. Thus, a fully free system such as Debian
> with only main enabled or Trisquel or so is, in principle, more
> trustworthy than any system running non-free code.
>
> That said, free code can of course have bugs and security holes too.
> It's probably less likely, with a community of thousands auditing it
> versus a closed group of developers, but it happens.

This falls on the assumption that people actually audit the open
source software they use, which most of the time is not the case
because they have the same mentality you imply you have: "with
thousands auditing it, why should I? It must be secure"... by that
logic, with millions auditing Android, we shouldn't have had the
recent huge crypto issue in Android, right? You know, the one that
slipped by for years. We shouldn't have had several other bugs that
went unnoticed for years in other software.

