| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Nov 2007 16:20:57 +0100
From: Adrian Bunk <bunk@...nel.org>
To: Tuomo Valkonen <tuomov@....fi>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [poll] Is the megafreeze development model broken?
On Mon, Nov 12, 2007 at 01:51:25PM +0000, Tuomo Valkonen wrote:
> On 2007-11-12, Eric W. Biederman <ebiederm@...ssion.com> wrote:
> > I think a megafreeze development model is sane. Finding a collection
> > of software versions that are all known to work together is very
> > interesting, and useful. Making it so you can deliver something that
> > just works to end users is always interesting.
>
> The distros only do that for the most important and most popular
> packages, most of which have become rather "generic" and faceless
> behemots in the sense that they do not have definite authors and so
> on, and for which it takes years to respond to bug reports in any case
> (if someone even bothers to enter the bug in registration-required
> Suckzilla, Debian's reportbug becoming much more usable in this case,
> even though it typically takes another year for the package maintainer
> to report things back upstream, if it ever even happens).
>
> Other more marginal software with a face, the distros just throw in
> and expect the author to deal with users having problems with ancient
> development snapshots and even bugs in stable versions that the distros
> simply refuse to fix. They should not distribute that kind of software
> at all. That is, distros should stick to providing stable base systems,
> and fully supported (and renamed if not generic) customised versions of
> other software for their target audience. For the rest, there should
> be better mechanisms for authors to distribute binary or otherwise
> easily and reliably installable packages of their software.
The problem is not what the distributions ship, the problem is simply
that problems with distribution packaged software should be reported
to the distribution, not upstream.
And for becoming at least marginally on-topic again:
Assuming your "stable base systems" contains the Linux kernel, how would
you prevent users from reporting bugs in their ancient kernels [1] here?
> Closed-source operating systems are more decentralised than Linux,
> where the par^W^W a few big distros have de facto central control
> over the software that users can conveniently install.
You should rephrase it:
Closed-source operating systems offer less software both available for
convenient installation and supported by the vendor of the operating
system.
Noone forces any users to install the software their distribution
supports - people can (and sometimes do) install other software or
other versions of some software when they need it.
But the good thing about open source software is that when you believe
your ideas are better than what current distributions do you can
implement your ideas and create your own distribution. Then time will
tell whether you were right or wrong.
> Tuomo
cu
Adrian
[1] keep in mind that when using a 6 months old kernel, this kernel
differs by more than one million lines of code (sic) from the
current kernel
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists