Re: Doh in http://www.dslreports.com/forum/r8618120 en Mon, 30 Nov 2009 07:29:00 EDT Mon, 30 Nov 2009 07:29:00 EDT Re: Doh http://www.dslreports.com/forum/remark,8633820 Rambo76098 :
said by justin See Profile:
who says they are not being responsible? seems to me, they take at least as much an interest in a quick fix as any for-cash software company does. And try asking microsoft or oracle for damages when their software has a problem!


Yeah but the last time i checked this was free and all the microsoft products i have i paid out my ass for. If im paying as much as i did for windows or office then im expecting it to be a good, quality, error free program(which windows is not!) but if something is free i will be happy if it works at all b/c i paid nothing for it and as long as my comp is not damaged or compromised, then i could care less.]]> http://www.dslreports.com/forum/remark,8633820 Fri, 28 Nov 2003 21:24:06 EDT Re: Doh http://www.dslreports.com/forum/remark,8618723 koitsu : I've spent too many years working with OSS to confuse the two. The response I speak of I've received from members of the Apache team (re: RFC931/1413 flaw which could lead to a buffer overflow and still exists today, re: zombie processes caused on many systems in 1.3.29), developers of SpamAssassin (re: spamd leaving zombie processes around on BSD systems), BIND 8.x (re: potential security hole: zone transfer tempfiles put in main root dir only when using key-based authentication, requiring the daemon to have full rwx access to /etc/namedb, rather than putting them in the appropriate zone directory from each zone directive), GNU screen (re: code checking for ~/.nethackrc despite "nethack off" being specified in .screenrc), PHP 4.x (re: returning status code of 200 regardless of what Apache says is a legitimate command; still exists today), FreeBSD sendmail updates (re: expanding etc/mail/Makefile to support sendmail's "cidrexpand" script so one can use CIDR notation in etc/mail/access; this is more of a feature, but the response was a real let-down) and numerous other mainstream applications.

I've been trying to keep a list of all the issues I've reported which go either unresponded to or illicit the standard "You have the source, fix it yourself" response, but I run into stuff too often to maintain a coherent list...

I'm just one guy with very interesting experiences with the OSS community, most of them negative. But it still warms my heart (honestly) when I see an OSS developer step in and say "Thanks for reporting this! I'll provide and commit a patch in a few minutes," or simply push out a new release.

Anyways, without getting too off track, my point is that peoples' responsibilities shouldn't be nullified whether or not the application is free or commercial.
--
Making life hard for others since 1977.]]> http://www.dslreports.com/forum/remark,8618723 Wed, 26 Nov 2003 23:38:44 EDT Re: Doh http://www.dslreports.com/forum/remark,8618440 justin : really? that doesn't sound like any OSS projects I can imagine. Are you sure you are not confusing requests for features you want, which may of course be ignored, with notification of important bugs and security problems?]]> http://www.dslreports.com/forum/remark,8618440 Wed, 26 Nov 2003 23:07:09 EDT Re: Doh http://www.dslreports.com/forum/remark,8618120 koitsu : In the case of the MT folks, they've been generally pretty responsible when it comes to providing patches and being up-front with users about the impact of bugs or security flaws. It's good to see that some open-source developers still believe in taking responsibility for their code.

My statement was more general than it was specific to the MT authors; the majority of my experiences with OSS authors has been "since we give you the code, you can fix the problem yourself." It's that kind-of excuse which makes me wonder how many people live in hobbit holes...
--
Making life hard for others since 1977.]]> http://www.dslreports.com/forum/remark,8618120 Wed, 26 Nov 2003 22:26:05 EDT Re: Doh http://www.dslreports.com/forum/remark,8618044 justin : who says they are not being responsible? seems to me, they take at least as much an interest in a quick fix as any for-cash software company does. And try asking microsoft or oracle for damages when their software has a problem!]]> http://www.dslreports.com/forum/remark,8618044 Wed, 26 Nov 2003 22:17:13 EDT Re: Doh http://www.dslreports.com/forum/remark,8617860 koitsu : The fact something is free doesn't automatically void the authors from being responsible for flaws in their code.

Open-source should NOT be used as a way for programmers to get around having to take responsibility for something they've created. The more it becomes such, the more crap software we're going to see in times to come.
--
Making life hard for others since 1977.]]> http://www.dslreports.com/forum/remark,8617860 Wed, 26 Nov 2003 21:57:43 EDT Re: Doh http://www.dslreports.com/forum/remark,8616452 RadioDoc :
said by DSLDUDE See Profile:
I don't care if it had 100 security flaws, if it's FREE, then one should not complain...
Tell that to the thousands of Internet Explorer complainers...

Seems like any mechanism which allows what is essentially an open relay is a horrible idea in this day and age, no matter what it costs.]]> http://www.dslreports.com/forum/remark,8616452 Wed, 26 Nov 2003 19:12:50 EDT Re: Doh http://www.dslreports.com/forum/remark,8616258 DSLDUDE :
said by Theo2002 See Profile:
Who's to blame more, the lazy programmers or the "ingenious" spammers?


Hard to call them lazy when they post their software free for public use. I don't care if it had 100 security flaws, if it's FREE, then one should not complain...
--
»www.fnort.com]]> http://www.dslreports.com/forum/remark,8616258 Wed, 26 Nov 2003 18:50:14 EDT Doh http://www.dslreports.com/forum/remark,8616160 Theo2002 : Who's to blame more, the lazy programmers or the "ingenious" spammers?]]> http://www.dslreports.com/forum/remark,8616160 Wed, 26 Nov 2003 18:37:46 EDT