koitsu
Premium
join:2002-07-16
Mountain View, CA
| reply to DSLDUDE
Re: Doh
The fact something is free doesn't automatically void the authors from being responsible for flaws in their code.
Open-source should NOT be used as a way for programmers to get around having to take responsibility for something they've created. The more it becomes such, the more crap software we're going to see in times to come.
--
Making life hard for others since 1977. |
|
justin
Australian
join:1999-05-28
Brooklyn, NY | who says they are not being responsible? seems to me, they take at least as much an interest in a quick fix as any for-cash software company does. And try asking microsoft or oracle for damages when their software has a problem! |
|
koitsu
Premium
join:2002-07-16
Mountain View, CA
| In the case of the MT folks, they've been generally pretty responsible when it comes to providing patches and being up-front with users about the impact of bugs or security flaws. It's good to see that some open-source developers still believe in taking responsibility for their code.
My statement was more general than it was specific to the MT authors; the majority of my experiences with OSS authors has been "since we give you the code, you can fix the problem yourself." It's that kind-of excuse which makes me wonder how many people live in hobbit holes...
--
Making life hard for others since 1977. |
|
justin
Australian
join:1999-05-28
Brooklyn, NY | really? that doesn't sound like any OSS projects I can imagine. Are you sure you are not confusing requests for features you want, which may of course be ignored, with notification of important bugs and security problems? |
|
koitsu
Premium
join:2002-07-16
Mountain View, CA
| I've spent too many years working with OSS to confuse the two. The response I speak of I've received from members of the Apache team (re: RFC931/1413 flaw which could lead to a buffer overflow and still exists today, re: zombie processes caused on many systems in 1.3.29), developers of SpamAssassin (re: spamd leaving zombie processes around on BSD systems), BIND 8.x (re: potential security hole: zone transfer tempfiles put in main root dir only when using key-based authentication, requiring the daemon to have full rwx access to /etc/namedb, rather than putting them in the appropriate zone directory from each zone directive), GNU screen (re: code checking for ~/.nethackrc despite "nethack off" being specified in .screenrc), PHP 4.x (re: returning status code of 200 regardless of what Apache says is a legitimate command; still exists today), FreeBSD sendmail updates (re: expanding etc/mail/Makefile to support sendmail's "cidrexpand" script so one can use CIDR notation in etc/mail/access; this is more of a feature, but the response was a real let-down) and numerous other mainstream applications.
I've been trying to keep a list of all the issues I've reported which go either unresponded to or illicit the standard "You have the source, fix it yourself" response, but I run into stuff too often to maintain a coherent list...
I'm just one guy with very interesting experiences with the OSS community, most of them negative. But it still warms my heart (honestly) when I see an OSS developer step in and say "Thanks for reporting this! I'll provide and commit a patch in a few minutes," or simply push out a new release.
Anyways, without getting too off track, my point is that peoples' responsibilities shouldn't be nullified whether or not the application is free or commercial.
--
Making life hard for others since 1977. |
|
Rambo76098
join:2003-02-21
Pataskala, OH
| reply to justin
said by justin  :
who says they are not being responsible? seems to me, they take at least as much an interest in a quick fix as any for-cash software company does. And try asking microsoft or oracle for damages when their software has a problem!
Yeah but the last time i checked this was free and all the microsoft products i have i paid out my ass for. If im paying as much as i did for windows or office then im expecting it to be a good, quality, error free program(which windows is not!) but if something is free i will be happy if it works at all b/c i paid nothing for it and as long as my comp is not damaged or compromised, then i could care less. |
|
