[kwlug-disc] given enough eyeballs, all bugs are shallow?

Robert P. J. Day rpjday at crashcourse.ca
Sat Jan 9 08:18:21 EST 2010

On Fri, 8 Jan 2010, Lori Paniak wrote:

... snip ...

> Actually it is worse than that.  The pathway of open source software
> from programmer to end-user involves an intermediate state which is not
> present in proprietary software:  the package/distribution maintainer.
> The people who code open source software belong to a project.  People
> install distributions on their computers.  There has to be someone in
> the middle to package projects into distributions.  I do not see how
> this extra step can improve the security of a piece of software.

  that's a good point i hadn't considered -- the very same software
can be packaged *considerably* differently from distro to distro.  the
apache web server needs to be packaged as a .deb for some distros, or
as a .rpm for others.  the default document root might default
differently (/var/www versus /src/www).  in some cases, i've seen
packaging where what is a single package for one distro is broken into
distinct packages for another distro (perhaps distinguishing between
the client bit and the server bit, to be installed independently).


Robert P. J. Day                               Waterloo, Ontario, CANADA

            Linux Consulting, Training and Kernel Pedantry.

Web page:                                          http://crashcourse.ca
Twitter:                                       http://twitter.com/rpjday
