Well, I admit I was quite irritated, especially because I didn't expect such a broadside from you, who I consider a reasonable discussion partner.
But, no, I didn't feel offended.

Sure, I see your point. But then I guess, I didn't make 3 clear enough.
Of course I'm not sure that someone really checks all FLOSS code. Always.
In fact, I believe that most code is actually never checked. A good (though harmless) demonstration of such an example was [1].

But I still believe, that even the theoretical chance of checking code is a big advantage of FLOSS over CSS, because if you actually do care for checking it, you can do that (or tell someone you trust to do it). You don't even get this (admittedly largely theoretical) chance with CSS in the first place.

Now, you say you don't trust FLOSS anymore than you trust CSS, because you've checked none of them and you see no realistic way to change that.
If you put it that way, I'm totally with you, but I believe your assumption that you have no realistic way to change the situation is at least overly pessimistic.

You remember that geek from Windischeschenbach you talked about and how you don't trust him because you don't know him?
What if I tell you, this guy is me? Would you trust me? Have you trusted me, when using my ED images (I could have put any amount of nasty stuff in them)?
I mean, you don't actually know me either. We've never met. To you I'm just some random guy on the internet. But we're part of the same community, members who both have some sort of long-lasting good reputation in this community. If I do something nasty and you expose this, because you actually checked my work, then my good reputation goes right out of the window.

You know what? Let's make this more realistic, because of course I'm not that guy from Windischeschenbach, and quite frankly I'm just a small fry when it comes to contributions to this community.
Let's talk about real heavyweights like pali or freemangordon. Over the years they've invested a lot into this community and I'm sure pretty much every N900 owner uses their code. So if someone would discover, one of them knowingly introduced backdoors or things like that, they'd lose the trust of this whole community and it might even reach into their real lifes, in case they used their contributions here as a reference there.

I believe the biggest difference between FLOSS and CSS is not so much the openness of the code, but the fact that FLOSS is about communities while CSS is about vendors and customers.
In communities the currency is trust, in vendor/customer relationships it's money. So if I want trustworthy software, I'll preferably get it from somewhere, where trust is of essential value.

Well, you might be right, but I hope you're not. Because if you are, then I see no reason why to stop applying this model to software only.
You could also say, that you can't trust people until they prove otherwise. The problem with this kind of proof is, it can never actually be brought. Different people act differently in different situations. So even if person 1 proves his trustworthyness in situation A, while person 2 turns out to be untrustworthy, their roles might be switched in situation B.

Now review this statement of yours in the light of what I just said about people.
If you constantly stay vigilant and never drop your guard completely, you'll never actually get close to someone else, because you're always going to hold something back. No (true) friends, no lovers (beyond the "physical aspect"), nothing of that which I consider to be the true essence of life.
Trust always includes a leap of faith. If you don't perform that leap, you'll always be limited to your own self.


[1] https://bugs.debian.org/cgi-bin/bugr...cgi?bug=819703

You're both right and wrong.
I largely agree with this statement of RMS you linked and I also agree with pichlo about FLOSS not being inherently more trustworthy than CSS.
However, BECAUSE trust is about people and software is about technology, you need some sort of translation matrix to bring them both together.
FLOSS is that translation matrix, more precisely it's two of them:
Free Software and Open Source. Both trying to reach the same goal from different starting points and for different reasons.

Thank you, much appreciated. Really.

Also, hence my apology. It was not meant to be a broadside. I could sense that I was not getting my point across and was just trying harder. Perhaps too hard.

Regarding your other points, you are absolutely right. Strictly speaking, you cannot really trust anyone, even your closest friends. There have been countless examples throughout history proving that ("Et tu, Brute?"). But you cannot go through your life constantly looking over your shoulder, as I also mentioned in post #13. The answer is, IMO, striking the right balance. It is your own decision what the balance is.

A nitpick; WSL does not have a linux kernel, it's an API translation layer very much like WINE but the other way around; the linux library calls are translated to equivalent windoze library calls.

It is a neat thing however, and might be of use to people who for some reason are locked to windows environment and can't or dont want to use a VM.

Yes, it mainly has the "GNU" part of the "GNU/linux" system.
It works very well for command line. The local disks are mounted over /mnt/ so can be accessed. I grep a lot of things that way.
Graphical apps can be launched from the linux subsystem if they support X11, and you start Xming (an X11 server for windows) on the Windows side. Not tested fully, but the little I tested worked ok (feels a little bit slower than a native display however).

For me, it replaced cygwin I was using before for that kind of things.

There are still some limitations, like access to serial ports (should be in a future update if not yet added, I have to check that again, didn't worked last time) and some other hardware (not sure USB devices can be accessed directly for example?).