lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 14 Jan 2021 14:54:04 +1100 (AEDT)
From:   Finn Thain <fthain@...egraphics.com.au>
To:     Arnd Bergmann <arnd@...nel.org>
cc:     Linus Walleij <linus.walleij@...aro.org>,
        John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
        Gerhard Pircher <gerhard_pircher@....net>,
        Arnd Bergmann <arnd@...db.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-m68k <linux-m68k@...ts.linux-m68k.org>,
        Sparc kernel list <sparclinux@...r.kernel.org>,
        Linux-sh list <linux-sh@...r.kernel.org>
Subject: New platforms: bring out your dead, was Re: Old platforms: bring
 out your dead

On Wed, 13 Jan 2021, Arnd Bergmann wrote:

> 
> It's usually one of two things that happened before a platform gets
> deleted for good:
> 
> * The platform port was (almost) exclusively done by one company
>    with a commercial interest in it, and the company shifts its priorities
>    for some reason (acquisition, bankruptcy, product cancellation,
>    accidentally laying off all competent developers, ...) that causes it to
>    stop working on it. Sometimes the previously paid maintainers
>    keep up their upstream position, but without someone pushing the
>    last missing bits into an official release, users are stuck on an old
>    BSP kernel.
> 

Yes, that's the typical product life cycle. It presumes a short window of 
opportunity for sales (suggesting that demand is not organic).

Most vendors like to avoid having to compete with their own prior product 
lines. Hence the constrained lifespan that we get from devices with 
out-of-tree Linux ports.

AFAICS open source licenses cannot really prevent this (no matter how many 
freedoms the FSF would like to confer on people). However, consumer law 
could do it, if it were to disallow products which were not servicable.

> * A platform port is done in the open and actually works for upstream
>   users, but over time the last active maintainers move on in their
>   lives. Complex platforms inevitably break when a treewide change
>   goes wrong, so we rely on users that are able to bisect and report
>   bugs when they happen. 

And without bug reports, breakage gets leveraged into deletion, using the 
bogus argument that "broken" code is proof of zero potential users.

>   After a platform has been broken for too long, even competent users 
>   may decide to just give up and stay on their last working kernel. Some 
>   of these platforms eventually recover when a new maintainer steps up 
>   or someone discovers they depend on newer kernels for products, but 
>   after a few years it's usually beyond repair.
> 

So all a vendor has to do is make maintenance a bit too difficult for 
competent users e.g. by depriving them of access to existing 
documentation.

It was only a few decades ago that every applicance you bought came with a 
printed circuit schematic. These days, every device you buy comes with 
built-in obsolescence and a customer lock-in strategy.

>       Arnd
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ