Security accountability

Posted Oct 21, 2003 18:47 UTC (Tue) by rknop (guest, #66)
In reply to: Security accountability by hazelsct
Parent article: Linux not accountable for security, Ballmer says (SearchWin2000)

And Linux aside, why do relatively few upstream maintainers provide patches for old versions of software which are still in widespread use, forcing people to upgrade to the latest versions with new features and bugs instead? The distros of course have filled in, e.g. Debian backports fixes to releases made quite far back (only recently dropped support for potato, released in the summer of 2000).

There's an extremely importent point in here. Distros put security patches in older software... because they can. The very nature of free software allows this to happen. If the primary supplier falls down on the job, it's at least possible for somebody else to do it. This is one of free software's greatest strengths! With Microsoft, if they don't fix it, nobody else easily can. (If if they figure out how to anyway, they're in violation of all sorts of laws.)

What Ballmer says as nobody being responsible is really that we aren't stuck relying on any one entity-- whereas with Windows, you have no choice but to rely on one entity, and one entity which has not proven as reliable as one might want.

-Rob