Open Source and information security mailing list archives
Date:	Mon, 12 Nov 2007 13:51:25 +0000 (UTC)
From:	Tuomo Valkonen <tuomov@....fi>
To:	linux-kernel@...r.kernel.org
Subject:  Re: [poll] Is the megafreeze development model broken?

On 2007-11-12, Eric W. Biederman <ebiederm@...ssion.com> wrote:
> I think a megafreeze development model is sane.  Finding a collection
> of software versions that are all known to work together is very
> interesting, and useful.  Making it so you can deliver something that
> just works to end users is always interesting.

The distros only do that for the most important and most popular
packages, most of which have become rather "generic" and faceless
behemoths in the sense that they do not have definite authors and so
on, and for which it takes years to respond to bug reports in any case
(if someone even bothers to enter the bug in registration-required
Suckzilla, Debian's reportbug becoming much more usable in this case,
even though it typically takes another year for the package maintainer
to report things back upstream, if it ever even happens).

Other more marginal software with a face, the distros just throw in
and expect the author to deal with users having problems with ancient
development snapshots and even bugs in stable versions that the distros
simply refuse to fix. They should not distribute that kind of software
at all. That is, distros should stick to providing stable base systems, 
and fully supported (and renamed if not generic) customised versions of
other software for their target audience. For the rest, there should
be better mechanisms for authors to distribute binary or otherwise
easily and reliably installable packages of their software. 

Closed-source operating systems are more decentralised than Linux,
where the par^W^W a few big distros have de facto central control 
over the software that users can conveniently install.

-- 
Tuomo
