Linus Torvalds <torvalds-AT-linux-foundation.org>
Mike Hearn <mike-AT-plan99.net>
Re: Shouldn't distros and ISVs ensure that security updates get deployed promptly?
Wed, 4 Feb 2009 08:50:54 -0800 (PST)
desktop_architects-AT-lists.linux-foundation.org, Dan Kegel <dank-AT-kegel.com>

On Wed, 4 Feb 2009, Mike Hearn wrote:

> > The fact that you even _think_ you should be that trustworthy is totally
> > irrelevant, and somewhat scary.
> Dan is talking from the perspective of the people writing the software
> in question. They are the most qualified to understand the severity
> and impact of a bug. So your point makes no sense.

And you are _completely_ wrong.

The people writing the software are the _least_ objective, and the fact
that you don't understand/acknowledge that only shows that you have no

Yes, they may "technically" be the people with the most information, but
they are also the ones furthest removed from actual users - by definition.
And they are also the ones that are most emotionally (and often
financially) tied to things like "newest version".

There are _lots_ of examples of software people deciding to leave an old
version behind, despite the fact that essentially all users want to use
it. And yes, there are examples of those software people not doing
security fixes to the old version, because they want to "encourage" their
users to go to the new-and-improved version.

The fact that you don't see that as a problem just means that you should
not have _anything_ to do with the upgrade path.

Sorry, but this is not just some theoretical thing. You're wrong. You're

PS. That's not even mentioning all the issues which you can get with
commercial software, where there are pressures from other vendors and/or
your own financial side to perhaps even _degrade_ the functionality of the
software, and then call it a "security fix". Don't tell me that doesn't
happen. Look at Apple. It happens ALL THE TIME.