[kwlug-disc] given enough eyeballs, all bugs are shallow?
Robert P. J. Day
rpjday at crashcourse.ca
Sat Jan 9 08:18:21 EST 2010
On Fri, 8 Jan 2010, Lori Paniak wrote:
... snip ...
> Actually it is worse than that. The pathway of open source software
> from programmer to end-user involves an intermediate state which is not
> present in proprietary software: the package/distribution maintainer.
> The people who code open source software belong to a project. People
> install distributions on their computers. There has to be someone in
> the middle to package projects into distributions. I do not see how
> this extra step can improve the security of a piece of software.
that's a good point i hadn't considered -- the very same software
can be packaged *considerably* differently from distro to distro. the
apache web server needs to be packaged as a .deb for some distros, or
as a .rpm for others. the default document root might default
differently (/var/www versus /src/www). in some cases, i've seen
packaging where what is a single package for one distro is broken into
distinct packages for another distro (perhaps distinguishing between
the client bit and the server bit, to be installed independently).
Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Kernel Pedantry.
Web page: http://crashcourse.ca