User: Password:
|
|
Subscribe / Log in / New account

Ubuntu, security response, and community contributions

Ubuntu, security response, and community contributions

Posted Jul 21, 2008 19:25 UTC (Mon) by ddaa (guest, #5338)
In reply to: Ubuntu, security response, and community contributions by skvidal
Parent article: Ubuntu, security response, and community contributions

> If you want to see an open source and published hosting system, take a look at
fedorahosted.org

I do not know this, but I am sure it is very nicely done.

However you miss an important point in the text you quoted:

> "Launchpad was created in large part to allow them to interact more fully with "upstream"
maintainers

Launchpad is much more than just a hosting solution. It was designed from day one to encourage
collaboration between upstream projects, distributions and end users, in all the possible
combinations.

Ever since Ubuntu started, Launchpad was being worked on with the explicit goal of bridging
various gaps that make it hard to contribute to the free software ecosystem.

For several years, the Launchpad staff was nearly the size of the ubuntu-core staff (we are
talking in dozens of people here). That strongly suggests that Canonical is genuinely
interested in contributing back.

Disclaimer: I was a Launchpad developer from June 2004 to January 2008.


(Log in to post comments)

Ubuntu, security response, and community contributions

Posted Jul 22, 2008 19:24 UTC (Tue) by rahulsundaram (subscriber, #21946) [Link]

"Ever since Ubuntu started, Launchpad was being worked on with the explicit goal of bridging
various gaps that make it hard to contribute to the free software ecosystem."

The real way is to open it up to the community and not have a bitkeeper like situation which
will only lead inevitably to people redoing something like it from scratch because they see
the benefits but don't want to rely on a centralized proprietary service. 

Ubuntu, security response, and community contributions

Posted Jul 22, 2008 21:36 UTC (Tue) by ddaa (guest, #5338) [Link]

> The real way is to open it up to the community

People at Canonical disagree, for numerous reasons including avoding fragmentation, keeping
the problem space simpler, and preserving opportunities for revenue.

> and not have a bitkeeper like situation which will only lead inevitably to people redoing
something like it from scratch because they see the benefits but don't want to rely on a
centralized proprietary service. 

This is a strawman. Proprietary end-user software like bitkeeper is very different from
internet services like Launchpad.

And even if people eventually did succeed at implement a better, more free, and more
successful Launchpad, that would not invalidate the pioneering work that Canonical funded to
ease the flow of knowledge in free sofware.

Ubuntu, security response, and community contributions

Posted Jul 23, 2008 0:56 UTC (Wed) by mmcgrath (guest, #44906) [Link]

> And even if people eventually did succeed at implement a better, more
> free, and more successful Launchpad, that would not invalidate the
> pioneering work that Canonical funded to ease the flow of knowledge in
> free sofware.

You trying to convince us or yourself?  The issue here is canonical embracing open source with
one hand and stealing from it with the other.  No rules are being broken there but the high
and mighty "we know best" attitude is the mark Canonical is leaving on the very community it
relies on.  

The smoke and mirrors people think is the success haven't been founded in any reality I've
seen and people will start to notice that.  Afterall, Mark continues to hemorrhage money into
Canonical at least until he gets bored.  I've yet to see any solid numbers of Ubuntu's success
beyond Google trends.  People will get bored as they realize those in charge continue to hold
a carrot in front of them, they'll move on.

Ubuntu, security response, and community contributions

Posted Jul 23, 2008 19:10 UTC (Wed) by ddaa (guest, #5338) [Link]

In your reply, the tone alone indicates that your are not interested in constructive
discussion. Or if you are, you need to improve your writing skills.

I acknowledge the effort you made in writing this comment. Sadly, as it is written, it would
be very difficult to reply to while keeping the discussion meaningful.

Ubuntu, security response, and community contributions

Posted Jul 23, 2008 19:13 UTC (Wed) by mmcgrath (guest, #44906) [Link]

I'm a technician, not a writer.  How about this:

Ad hominem.  Why attack the argument when you can attack the speaker?  What a common fallacy
you've just committed.  No need to respond, your actions will speak louder, let us know when
that launchpad is OSS.  Have a nice day.

Ubuntu, security response, and community contributions

Posted Jul 23, 2008 19:49 UTC (Wed) by ddaa (guest, #5338) [Link]

How interesting.

I made a point of attacking only your writing. I even suggested you might be of good faith but
that you just failed at clear expression.

Ubuntu, security response, and community contributions

Posted Jul 23, 2008 1:16 UTC (Wed) by rahulsundaram (subscriber, #21946) [Link]

Other than the possible revenue from keeping it proprietary, I don't consider the other
excuses even applicable especially since the memories of companies using the "fragmentation"
card against free and open source software for years is still fresh, Java being among the
latest to turn around. The way to avoid fragmentation is providing a way for community to
participate, innovate and not using control. Distributed services with open protocols is the
long term sustainable approach. Centralized proprietary services just won't scale. 

The inherent problems of proprietary software is similar whether the software is running in
the client or the server and in some ways more problematic given the rise of people and
entities hiding behind software as a service to avoid facing the question. Creating walled
gardens is no innovation. One symptom of the many problems with this approach is the workflow
of translations not going to upstream by default and getting locked up into the distribution
unlike transifex (http://transifex.org) which Fedora project seeded and follows the upstream
by default model like the rest of the distribution in addition to being free and open source.

Ubuntu, security response, and community contributions

Posted Jul 23, 2008 19:47 UTC (Wed) by ddaa (guest, #5338) [Link]

You are touching a lot of topics in this comment. So I could only give very short answers to
each of the points you touched.

> Other than the possible revenue from keeping it proprietary, I don't consider the other
excuses even applicable

I do not think that per-seat licensing of the Launchpad code is a practical business model for
Canonical. But I do not claim to know beforehand what all the revenue opportunities could be.
A sensible entrepreneur avoids discarding possible unseen revenue streams unless there is a
compelling reason to.

> the memories of companies using the "fragmentation" card against free and open source
software for years is still fresh, Java being among the latest to turn around. The way to
avoid fragmentation is providing a way for community to participate, innovate and not using
control.

That is true for user-runnable software. And Canonical understands that very well as is
demonstrated by the development processes of Ubuntu and Bazaar.

Fragmentation, when talking about Launchpad, means something else: the value of Launchpad
comes from the inter-relations between the numerous project communities that are using it.
Multiple distinct Launchpad services would make interactions within any single instance total
to less than it could be. More total users increase the value the project, lost opportunity
decreases it. It is not a clear-cut issue.

> Distributed services with open protocols is the long term sustainable approach. Centralized
proprietary services just won't scale. 

This is a good point, and using a federated design was considered early on. This direction was
not chosen to "keep the problem space simpler", as I said in the message you are replying to.
Avoiding the additional complexity of a decentralized design was a good engineering decision
in its own right.

> The inherent problems of proprietary software is similar whether the software is running in
the client or the server and in some ways more problematic given the rise of people and
entities hiding behind software as a service to avoid facing the question.

Let's agree to disagree. In my view, they are apples and oranges.

> One symptom of the many problems with this approach is the workflow of translations not
going to upstream by default and getting locked up into the distribution unlike transifex
(http://transifex.org) which Fedora project seeded and follows the upstream by default model
like the rest of the distribution in addition to being free and open source.

Discussing the particular perceived shortcomings of Launchpad translations would distract us
of what I regard as the main point of this thread, and I do not claim to understand this part
of Launchpad well enough to address your concerns.

Ubuntu, security response, and community contributions

Posted Jul 24, 2008 2:20 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

You said Canonical employees disagreed with opening the source code and giving access to the
community inorder to retain potential revenue opportunities. I merely conceded that is a
understandable excuse (though I disagree completely with the decision to keep it proprietary).
I don't know why you even bought up "per-seat licensing". Sensible people working within a
community would want to gain trust by not acting inconsistently or giving outlandishly false
claims (c.f security history) whether they are entrepreneurs or not. Anything else is just
short sighted and not even within their self interest. 

Multiple distinct instances need not ever decrease the value of the service at all. It depends
on how well you federate it. Sure, it is more complex but that is price you need to pay for
working with a distributed community of producers and consumers. In my view, the workflow of
translations is a clear direct result of a deliberate strategy to keep the content within the
distribution essentially closed within itself instead of helping the broader upstream
community. The problem is well known and has never been addressed so far. This combined with
the decision to keep the source code closed doesn't indicate or inspire good faith. 


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds