[kwlug-disc] given enough eyeballs, all bugs are shallow?

Robert P. J. Day rpjday at crashcourse.ca
Sat Jan 9 08:18:21 EST 2010


On Fri, 8 Jan 2010, Lori Paniak wrote:

... snip ...

> Actually it is worse than that.  The pathway of open source software
> from programmer to end-user involves an intermediate state which not
> present in proprietary software:  the package/distribution maintainer.
> The people who code open source software belong to a project.  People
> install distributions on their computers.  There has to be someone in
> the middle to package projects into distributions.  I do not see how
> this extra step can improve the security of a piece of software.

  that's a good point i hadn't considered -- the very same software
can be packaged *considerably* differently from distro to distro.  the
apache web server needs to be packaged as a .deb for some distros, or
as a .rpm for others.  the default document root might default
differently (/var/www versus /src/www).  in some cases, i've seen
packaging where what is a single package for one distro is broken into
distinct packages for another distro (perhaps distinguishing between
the client bit and the server bit, to be installed independently).

rday
--

========================================================================
Robert P. J. Day                               Waterloo, Ontario, CANADA

            Linux Consulting, Training and Kernel Pedantry.

Web page:                                          http://crashcourse.ca
Twitter:                                       http://twitter.com/rpjday
========================================================================



More information about the kwlug-disc_kwlug.org mailing list