[kwlug-disc] given enough eyeballs, all bugs are shallow?
Robert P. J. Day
rpjday at crashcourse.ca
Sat Jan 9 08:18:21 EST 2010
On Fri, 8 Jan 2010, Lori Paniak wrote:
... snip ...
> Actually it is worse than that. The pathway of open source software
> from programmer to end-user involves an intermediate state which is not
> present in proprietary software: the package/distribution maintainer.
> The people who code open source software belong to a project. People
> install distributions on their computers. There has to be someone in
> the middle to package projects into distributions. I do not see how
> this extra step can improve the security of a piece of software.
that's a good point i hadn't considered -- the very same software
can be packaged *considerably* differently from distro to distro. the
apache web server needs to be packaged as a .deb for some distros, or
as a .rpm for others. the default document root might default
differently (/var/www versus /src/www). in some cases, i've seen
packaging where what is a single package for one distro is broken into
distinct packages for another distro (perhaps distinguishing between
the client bit and the server bit, to be installed independently).
rday
--
========================================================================
Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Kernel Pedantry.
Web page: http://crashcourse.ca
Twitter: http://twitter.com/rpjday
========================================================================