Hi,
This is a valid point, but (*1):
(*1) So I can speculate you're not playing EU at all?
You can speculate... sure, but you're wrong in this case. I was talking about third party software
I'll add that... now, thanks.
I trust chainfire. I have his homepage bookmarked, and whenever I read about an update, I don't use any link provided in the message, I use my trusted bookmark. And whenever I download something, my trusted av tool checks for possible contamination. Given that my trust isn't something easy to earn this gives me some kind of security.
Would add an open source PEAssistant more security? Not really, I think. I'm not the one able to read the code and check for possible vulnerabilities, and, other than for instance Mozilla, the amount of people willing and able to evaluate the code would be very small to zero, right?
So it would provide no greater means of security. But it would add another vector of attack, using the open source code there could be written hooks exploiting even an unaltered PEAssistant installations to harm the user.
I'm a fan of open source software, and I use it whenever possible. But open source isn't the cure to all diseases of this world, and sometimes it even opens new doors to the evil beings out there. Let's check, think, think again, then decide.
very valid points, and i surely see the problems that arise with open sourced pe-ass/other programs.
I think e.g. you are right that not many would volunteer proof-reading the source, but that's not really the issue IMO. - and what follows now is a general statement, not specifically about eu-related software - one of the main benefits of open source software is simply that the author states that he has nothing to hide, so especially no fishy stuff.
There are many other valid things you want to hide, so i'm by no means implying that if you hide your source, you hide fishy stuff!
What i however fail to see is how someone would be willing to install a modified version that is not provided by the initial author (unless they have the same level of thrust in the new author)
Therefore I doubt that open sourcing e.g. pe-ass would result in any modified, maleficious version. Why? Because ppl lack trust in the 'mod peass'.
for example suppose that chainfire releases pe-ass, and i modify it (with or without malicious functions). Would you ever test it? No, because you dont have sufficient trust in me.
The odds of someone succesfully expoiting a currently existing, trusted versions of pe-ass are almost nihil. Why? because of the same trust that is needed.
Anyway, that 'i wont use it if it's closed source' was more directed to third party software that is not targetted to a specific audience (such as fraps). Software such as pe-ass, that has a specific audience (EU-payers) i wont use due to my paranoid skills
