[thelist] News Item: Major Security Flaw in CVS

David Kaufman david at gigawatt.com
Fri Jan 24 12:35:01 CST 2003


Jason Handby <jasonh at pavilion.co.uk> wrote...

> My point is really just that you can't rely on volunteer open-source
> programmers to regularly audit and examine all the code in a system
> if some of that code isn't very interesting/cool/sexy as far as they
> are concerned.  Probably better to have some way of ensuring it *all*
> gets looked at.

perhaps you can't rely on that, but many still do.

Evolt does: http://uptime.netcraft.com/up/graph/?site=evolt.org says: "The
site evolt.org is running Apache/1.3.26 (Unix) on Linux", i believe we use
PHP and Mailman quite successfully, too.

last time i checked, these were all quite successful systems of code
developed and maintained entirely by volunteer programmers like the ones you
say you can't rely on.

what about the code evolt members have volunteered to develop for evolt
itself, and make available to the public for free:
http://www.evolt.org/evolt_source_code/

very few companies, even with the beneficial mechanisms of project managers
and contracts of employment, have been able to even get a foothold in the
software markets where they must compete with volunteer open source
programmers.  apache has made commercial web server software completely
irrelevant, and mozilla might yet do the same for web browsers.  sendmail
and qmail already dwarf exchange or notes in the email server areas, as bind
and qmail do for DNS service internet-wide.  the internet itself was built
using open source tools and, one might argue, would not even exist at all,
if commercial software vendors had been in on it at that early stage, as
each would have sought to introduce their own proprietary protocols, and
planned obsolescence into every piece of software to try and lock users into
buying their products and services.

hey, i'm a capitalist too.  but it's pretty obvious when one considers the
whole picture, that this vast body of open source software built by
volunteer developers has advanced the state of the art and pushed the level
of technology acceptance farther and faster into the mainstream than the
corporate software publishers and licensors ever could have, even with all
the managers, employees and contracts in the world.

</rant>

-dave



