Message-ID: <20071112152057.GJ9771@stusta.de>
Date:	Mon, 12 Nov 2007 16:20:57 +0100
From:	Adrian Bunk <bunk@...nel.org>
To:	Tuomo Valkonen <tuomov@....fi>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [poll] Is the megafreeze development model broken?

On Mon, Nov 12, 2007 at 01:51:25PM +0000, Tuomo Valkonen wrote:
> On 2007-11-12, Eric W. Biederman <ebiederm@...ssion.com> wrote:
> > I think a megafreeze development model is sane.  Finding a collection
> > of software versions that are all known to work together is very
> > interesting, and useful.  Making it so you can deliver something that
> > just works to end users is always interesting.
> 
> The distros only do that for the most important and most popular
> packages, most of which have become rather "generic" and faceless
> behemoths in the sense that they do not have definite authors and so
> on, and for which it takes years to respond to bug reports in any case
> (if someone even bothers to enter the bug in registration-required
> Suckzilla, Debian's reportbug becoming much more usable in this case,
> even though it typically takes another year for the package maintainer
> to report things back upstream, if it ever even happens).
> 
> Other more marginal software with a face, the distros just throw in
> and expect the author to deal with users having problems with ancient
> development snapshots and even bugs in stable versions that the distros
> simply refuse to fix. They should not distribute that kind of software
> at all. That is, distros should stick to providing stable base systems, 
> and fully supported (and renamed if not generic) customised versions of
> other software for their target audience. For the rest, there should
> be better mechanisms for authors to distribute binary or otherwise
> easily and reliably installable packages of their software. 

The problem is not what the distributions ship, the problem is simply 
that problems with distribution packaged software should be reported 
to the distribution, not upstream.

And for becoming at least marginally on-topic again:
Assuming your "stable base systems" contains the Linux kernel, how would
you prevent users from reporting bugs in their ancient kernels [1] here?

> Closed-source operating systems are more decentralised than Linux,
> where the par^W^W a few big distros have de facto central control 
> over the software that users can conveniently install.

You should rephrase it:
Closed-source operating systems offer less software both available for 
convenient installation and supported by the vendor of the operating 
system.

No one forces any users to install the software their distribution 
supports - people can (and sometimes do) install other software or
other versions of some software when they need it.

But the good thing about open source software is that when you believe 
your ideas are better than what current distributions do you can 
implement your ideas and create your own distribution. Then time will 
tell whether you were right or wrong.

> Tuomo

cu
Adrian

[1] keep in mind that when using a 6 months old kernel, this kernel
    differs by more than one million lines of code (sic) from the 
    current kernel

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed
