@ashwinvis @strypey It's better not to need trust. With Windows, you have to trust that the closed code is doing what you want. With linux, you can't inspect all the code and you have to trust that others are auditing competently.
@strypey @ashwinvis Recall that #openSSL had a quite serious bug around ~10 yrs ago. After it was discovered, it was realized that no one spotted the bug for several years.
@aktivismoEstasMiaLuo OpenSSL was a very different case to the Linux kernel, which has dozens of paid devs plus volunteers. It's worth noting that if OpenSSL was proprietary, the bug would probably not have been found at all, and would still be unpatched.
@strypey @aktivismoEstasMiaLuo @ashwinvis
What I found especially outraging back when the whole OpenSSL shitstorm started was the fact that fucking Vue.js was getting like $500k donations per years and OpenSSL - $500 (won't bother to check, possibly an exaggeration but you get the idea).
And yet, multi billion dollar companies and every userspace application under the sun across multiple platforms and operating systems was taking advantage of it still.