Lessons from Log4j

Posted Dec 20, 2021 18:30 UTC (Mon) by NYKevin (subscriber, #129325)
In reply to: Lessons from Log4j by pebolle
Parent article: Lessons from Log4j

The Open Source response is essentially that there's no free lunch. When an open source project is poorly maintained, this is often a result of nobody contributing to it. Compared on equal terms, open source development is superior to proprietary development, but in order for that to be a fair comparison, you need to be throwing equal amounts of time, money, and person-hours at both methods. In practice, many companies are unwilling to do that, but that's not a failing in open source itself.

Lessons from Log4j

Posted Dec 20, 2021 23:36 UTC (Mon) by pebolle (guest, #35204) [Link]

> The Open Source response is essentially that there's no free lunch. When an open source project is poorly maintained, this is often a result of nobody contributing to it.

Am I reading you in bad faith if I say this translates to: if you open sourced harder it wouldn't have happened?

> Compared on equal terms, open source development is superior to proprietary development

I was taught that Open Source was a reaction to Free Software. Both are alternatives to proprietary software, of course, but Open Source should be evaluated on its promise to yield better results while Free Software on its promise to yield more freedom.

(I think LWN.net almost never covers software that is Open Source but not Free Software so let's ignore that niche.)

My point was that in cases like this, where (free and open) software turns out to be buggy the proponents of Open Source have some explaining to do. And open source harder explains very little as it will be always true.