On 9/12/2022 1:58 PM, The Wanderer wrote: > On 2022-09-12 at 13:47, Chuck Zmudzinski wrote: > > > On 9/12/2022 12:14 PM, David Wright wrote: > > > >> On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote: > > >>> The grub maintainers do not have the time or interest to fix it. > >>> Perhaps the Xen users could try to convince the Xen maintainers > >>> to do an nmu to fix it if the grub maintainers continue to ignore > >>> the bug, but I don't know if that breaks the etiquette that > >>> governs such things in the world of Debian developers - I am just > >>> a Debian user. > >> > >> There seems to be some attitude here. > > > > Well, I suppose so, but I am pleased that a grub maintainer is now on > > the case. Still, there is another Debian bug that affects me that > > continues to be ignored, so I admit I have an attitude about that. I > > accept that what is of grave or important severity to me is not > > necessarily of grave or critical severity to the official Debian > > maintainers and developers. I wish to merely point out that what is > > often said about the advantages and disadvantages of free, > > open-source software that is maintained by volunteers is true: > > > > An advantage is that the user has full access to the source code and > > is free to fix problems if the official releases have unpatched bugs > > but this of course costs time and resources devoted to solving > > problems that are not fixed promptly in the official release. A > > disadvantage is that often the priorities of the developers who > > release free, open source software are not always the same as the > > priorities of any particular user, so there is no guarantee that the > > developers of free, open source software will ever get around to > > fixing a problem that might be causing trouble for some subset of > > users of the software who very often just stop using the free, open > > source software and return to proprietary software that just works > > for them without a big hassle or effort to keep it working well and > > securely. > > I am inclined to dispute one aspect of this characterization. > > That which you cite here as a disadvantage is only a disadvantage > (relative to proprietary software) if the proprietary software does, as > you say, "just work for them". > > It is equally possible (if not more) to find that a given piece of > proprietary software does not meet your needs (because the priorities of > its developers, or at least the people who pay them, do not match your > priorities). > > If that happens, you don't even have the option of falling back to hack > the source and run your own version; you're effectively stuck. As I > understand matters, that is in fact the reason Free Software was > invented in the first place. > > With access to the source and appropriate license guaranteeing you the > right to modify it (et cetera), if the priorities of the developers > don't match yours you do at least have the possibility of going in and > fixing it yourself - whether as a patch to go upstream, or a public > fork, or even just a local fork. With proprietary software, you don't > have that option. > > As such, not only is this not a disadvantage unique to Free Software, > it's a disadvantage that exists even *worse* with proprietary software. >
I agree OSS that works well is much better than proprietary software, because it makes a software solution that works well accessible to all the users. The disadvantage is that in practice, OSS does not always work as well and is sometimes more buggy than proprietary software when, for example, the developers and maintainers are unwilling or unable to fix bugs or add features and the users do not have the ability to fix the problems or convince the developers to fix the problems, and it is especially a problem when the only reason the OSS supporters give for not fixing problems is: "we are just volunteers." Really good, secure software is not going to come from volunteers who are never required to at least explain why they fail to fix bugs that have a known fix but remain open for an unreasonably long time due to the lack of attention to the bug by the developers and maintainers. Unfortunately, this does happen in Debian, and as long as defenders of OSS continue to say, "they are just volunteers," there will always be a risk that the "volunteers" will be able to sabotage the real goals of OSS software. In the end, though, OSS is probably best because those who do sabotage OSS software eventually get caught precisely because the process of developing OSS is also open so the malice is eventually discovered by the community and the malicious actors are removed from positions where they can cause harm. Best regards, Chuck
