Re: OpenSource alternatives for cdrecord.prodvd?
Greetings,..
On tuesday, decemebter 30th 2003 13:32 you wrote:
> From: Jan =?iso-8859-1?q?L=FChr?= <jluehr@gmx.net>
>
> >as far as trust (not as in tusted computing ;) and security are concerned
> >Closed source is not an altanative for me :(
>
> Well, look at what SuSE does (discussed here recently), they offer open
> Source but publish insecure software.
Well, SuSE is quite a bad example for an good open source vendor. Although
they prise the stability of open source, they ship unstable beta versions
just to have a higher release number then their combatants
> Unless you are able to understand higly complex softwaere and check every
> line of code (with cdrecord you would need to check > 100,000 lines of
> code!)
>
> Unless _you_ are really able to do this, Open source is not what helps you.
> In contrary to that, it helps you to use software from people you may
> trust.
Yeap. But that exactly is the pupose of open source. As far as you not able
to check the program yourself, you can be sure that someone is able to that.
If you draw you attention to various trojans smuggeled into some OpenSource
programs on the BSD servers or others FTP servers, they were detected by
awake people who actually checked the source.
And you don't habe to check every line in OpenSSH and OpenSSL (I don't believe
that they are - especially ther crypthographic routines - less complex), to
find the trojan horse discovered in mid 2003 and imho your ftp server might
be not more secure than the OpenBSD's one.
> I personally dont trust people who patch cdrecord and do not even succeed
> to avoid bugs caused by miss used data structures that I see when only
> looking into the patch file for less than a minute.
Well, I don't trused them, too.
Sometimes , it's really hard to decide, whether an open source project is
managed by (semi /) professionalists or enthusiastic amatuers.
> >Are there any OpenSource alternatives for cdrecord.prodvd providing the
> > same functionality?
> >Other tools like dvdrtools only provide a few features, compared to
> >cdrecord.prodvd.
>
> You name ie, this obscure "dvdrtools" is a piece of software that is risky
> to use.
This "obscure" package is OpenSource and it seems less risky to me in general
(as far as I haven't digged into the source)
> >I respect Joerg's view about the GPL, although I don't agree. Perhaps IBMs
> >counter lawsuit vs SCO is going to prove or reject the spirit of the GPL.
>
> Well, I do follow the spirit of the GPL and in contrary to the Free
> Software Foundation, I also follow the Urheberrecht.... The FSF publishes
> software (e.g. vcdimager) that violates the Copyright.
Is that program really published by FSF? I have no time to check it yet. And
in what ways does vcdimage violates the Urheberrecht.
> >Btw. I don't want to refight flamewars alreade fought in mid-late 2002,
> > I'm just seeking for alternativs.
>
> I still don't understand your concerns, cdrercord-ProDVD is definitely more
> trustworthy than the illegal hacks on cdrecord that pretend to allow to
> write DVDs.
trustworthy is quite a relativ word and can be interpreted in many ways.
Anyway I don't trust trusted computing (TCPA), either.
Non OpenSource programs are kess trustworthy for me, as far as they came in
touch with senstiv data.
Keep smiling
yanosz
--
... Lehrst du ihn fischen, so ernährt er sich für immer.
... Lehrst du ihn Plutonium anzureichern, so bombt er für immer.
(chin. Weisheit)
Reply to: