
Ubuntu, security response, and community contributions

Posted Jul 17, 2008 16:50 UTC (Thu) by mikov (subscriber, #33179)
In reply to: Ubuntu, security response, and community contributions by madscientist
Parent article: Ubuntu, security response, and community contributions

And finally, Ubuntu brings something to the GNU/Linux community which is extremely difficult to create and also impossible to quantify: opportunity and marketing, and a kind of "average user legitimacy". I know that virtually all the technology in Ubuntu was there before and/or was provided by someone else, but putting it together to create that "buzz" and really concentrating on growing the user base and what that takes is a big task. While it's not a technical achievement, it's very hard to do and that success DOES help every GNU/Linux user and distribution. As technologists too often we base all our opinions on measurable criteria such as number of bugs fixed, changes merged, etc. but there are other yardsticks that are important as well.

I agree 100%. I have my own gripes with Ubuntu (see below), but in my eyes in recent years it has done more for Linux acceptance than the rest of the vendors combined.

Yes, they used work done by others - Debian, Red Hat, etc. without contributing much software, but so what? This is what free software is about. There is nothing immoral or unethical in what Ubuntu is doing! If you don't want Ubuntu to use your software, then don't make it free, I say ...

The problem with Ubuntu, as I see it, is that they don't have the resources to fix bugs and probably lack the leverage with upstream. What happens if you complain to Canonical support about a problem? If it's not a configuration issue, they are probably just going to have to wait like the rest of us for the next upstream release, hoping that it addresses that specific problem. So, I don't see why I would pay them for support.



Ubuntu, security response, and community contributions

Posted Jul 17, 2008 19:01 UTC (Thu) by jspaleta (subscriber, #50639)


"Yes, they used work done by others - Debian, Red Hat, etc. without contributing much software,
but so what? This is what free software is about. There is nothing immoral or unethical in what
Ubuntu is doing!"

Let's be very very clear.  There is a distinct difference between the Community of Ubuntu users
and developers... and Mark Shuttleworth and Canonical.  As much as Shuttleworth would want to
blur the distinction so that he can wrap his statements up in the goodwill of the Ubuntu
community concept to armor them from criticism he does so at the expense of the Ubuntu
community.

The problem is not the Ubuntu community, the problem is Mark Shuttleworth, who is making some very
aggressive statements that are quite simply... over-reaching... and not properly supported.  He's
burning goodwill with upstream projects in doing so.

This vulnerability response statement is just the latest example. And I think it's perfectly
appropriate that people start asking him why his company has not invested in a transparent
vulnerability reporting process for Ubuntu users... but is instead relying on unnamed
independent studies to bolster statements to the press.  It doesn't have to be like Red Hat's,
but shouldn't Ubuntu LTS users have something in the same general shape? I think that's a
perfectly reasonable sort of question for Ubuntu users to ask of Shuttleworth and Canonical.

But he's made other high profile statements... to the press and to the public... aggressive
statements, which challenge and undermine the processes and work that upstream projects are
using.  Statements about hardware support and about syncing with upstream development to match
Canonical's business interests have been high profile challenges that simply have not been
backed up by his company's own actions... a lack of engaging the upstream projects and to help
them do better before going to the press with the idea.

I feel somewhat bad for the Canonical engineers who are engaged with upstream. Shuttleworth is
actually de-valuing what they are doing by making public statements which are out of
proportion with the development work they are doing.  He really needs to let those engineers
lead these sorts of discussions as part of upstream project conversations.  I wonder if he can
do that, take a backseat to the engineers in public facing conversations. Maybe he just
doesn't understand the value of restraint.

Are the things Shuttleworth has made headlines for recently things that Canonical can drive
sustainable development for? I think active community Ubuntu users need to really ask
Shuttleworth and Canonical in general some very hard questions concerning sustainability of
the work they are doing under the Ubuntu brand.  

I believe that Debian as a community reached a sustainable level of development based on the
available resources, and that Debian as a project is going to have a long successful career
serving a specific purpose.  It might be frustrating in some respects, but I believe they've
built a sustainable process.  I'm not so sure Canonical has.

It's an outstanding question, whether Canonical through the creation of the Ubuntu community
has enough resources to sustain the perceived growth happening in the Ubuntu uptake.  Is
Canonical overreaching beyond its own engineering capabilities with its Ubuntu OEM deals? Is
it overreaching with its Ubuntu LTS edition? What happens to Ubuntu if the answer is yes?
Supporters of Canonical admit that they don't have the staffing commitment of Red Hat to
directly support upstream development in the same way. If that is so, then shouldn't all these
sorts of engineering initiatives from Canonical scare the crap out of you as an Ubuntu
community member because it continues to spread engineering resources even thinner?  How
transparent are Canonical's business plans as they relate to your volunteer commitment and needs
as an Ubuntu community member?  Like I said, I think Ubuntu community members need to be a bit
more critical of Canonical and Shuttleworth.

-jef

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds