Please see below.. On Wed, 30 Jun 2004, Frank Knobbe wrote:
> On Wed, 2004-06-30 at 21:08, Paul Schmehl wrote: > > I'm right there with you, Frank, on one condition. You hold *every* > > software vendor to the same standard. > > [...] > > If we're going to require that software vendors produce flawless products, > > we're not going to have many software products. Even Postfix, which *to my > > knowledge* has never had a security issue, has had numerous bug fixes. > > (And I think so highly of Postfix that the first thing I do when I install > > a new OS is replace sendmail with Postfix.) > > Heya Paul, > > well, there is a difference between *free* stuff you choose to pull from > the Internet and run yourself. Community driven projects should require > that everyone running the product is doing there part to fix flaws (even > if it just means reporting it to someone who can fix it). They pretty much do. That is if the application is one that users have found worth supporting. > > The difference is with products you *pay for*. If you *buy* a product > you trade your money (perhaps chicken in other parts of the world) in > the amount considered to equal the worth of the product. You should > expect to receive a working product in return. > > My beef is that we started to accept broken products, and we assumes the > task of fixing broken products ourselves. That task should not fall on > us but on the manufacturer. So can I assume that you would allow a vendor to remotely patch your system? > > > We need better methodologies for finding bugs in software. > > Right. But we also need better methodologies for vendors to fix their > products. The emphasis here is on "the vendor fixing the broken > product". It should not be a burden on the consumer, but on the vendor. > Like I said, Do you REALLY want a vendor to install patches for you? > And yes, I'm not targeting Microsoft in particular, although they are > the most blatant abusers of consumer rights. I intentionally included > all manufacturer of commercial software products. > I think Frank that your starting to point out a problem for M$ and other vendors. They don't have the money to support there products any longer. M$ has somewhere like 20,000 payed programers, How many programers are working on open source products? 100,000 plus, maybe more. How do you expect a company like M$ to compete? I don't think they can. Denis > Cheers, > Frank > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
