Wednesday, May 30. 2007
How to show that you don't care about security
Comments
I'm having a similar issue with PulseAudio: Lennart didn't put in the ChangeLog that the new version fixed security issues, and only thanks to Florian Steinel I know about it.
Also, it's not easy to find the patches that need to be applied to fix 0.9.5 (and 0.9.6 is almost a full year of work, so I don't want it to go stable right now); I'm now running the third test, hoping that it works.
At Neu.de we started sending presents to people who find security issues. So also companies can do it the right way.
It's a pity, but Open Source doesn't automatically mean that everything is better. Just like a big company, an individual programmer might feel some kind of shame when a security-related problem appears. And politically it would make all those Windose lunatics laugh out loud, because every bug in open source software means that this software isn't more secure than closed source.
Of course this is nonsense. No developer can be blamed if such an error occurs. Yes, it would be nice if it didn't happen, but with the size and complexity of modern software this is highly unlikely. But real open source politics should be to handle security-related bugs as openly as possible. Most projects do this, though. Let's hope that the number of projects that deal with security issues in an unacceptable way remains rather small.
About me: You can find my web page with links to my work as a journalist at https://hboeck.de/.
Hanno Böck, mail: hanno@hboeck.de
I recently wrote that I'm sometimes a bit unhappy with how security issues are handled in free software projects. Now, to have some contrast, today I'll talk about an example of how to do it right. Serendipity, the software I'm using to host this blog, had an S
Tracked: Jun 17, 23:58