"amicus_curious" <[email protected]> writes: > "Alan Mackenzie" <[email protected]> wrote in message > news:[email protected]... >> In gnu.misc.discuss amicus_curious <[email protected]> wrote: >>> >>> "Rahul Dhesi" <[email protected]> wrote in message >>> news:[email protected]... >>>> "amicus_curious" <[email protected]> writes: >> >>>>>That gives FOSS a bad name. Who wants to use stuff like that and risk >>>>>getting bitten by the looney tunes that think software is some kind of >>>>>religious experience? >> >>>> There is a lot of truth in what you wrote, and it's not specific to free >>>> software. Enforcement of copyright (and patents) often gives the >>>> enforcer a bad name. >> >>> I don't suggest that enforcement itself is the problem, it is the >>> enforcement of meaningless requirements. If the RIAA pinches some >>> downloader, they get a few thousand bucks or more in return. That, at >>> least, makes some sense as to why the RIAA is being so diligent. >>> But just >>> having another unvisited site for some out of date source code is hardly >>> worth the time and effort of the courts to go along on this ego trip. >> >> It's hardly meaningless. It means the source code is available. >> > An old version of BusyBox? How wonderful for you all!
The version used in the router. Which means that you can determine exactly what security advisories apply, and you can apply them yourself. And yes, to some sysadmins it is important to be able to figure out vulnerabilities of their hardware. >> They're likely to want the source of the version embedded in their >> Actiontec box. For example, to diagnose a problem, or to complain >> about its out-of-dateness, or to check it for security problems. >> > It is a silly little router for goodness' sake! Nothing proprietary > about that, these things are as old as the hills. A "silly little router" does not need a complete userland utility set like Busybox. And most certainly routers contain proprietary components, both hardware and firmware. > The money and quality differences are in the hardware, not the > firmware. Security implications are in the firmware. > No one other than router hardware makers give a hoot about it and they > all use pretty much the same stuff. If there is a problem with it, it > gets tossed in the waste basket and another unit is installed to > replace it. How do you tell whether a router (or its replacement) has a particular weakness without being able to look at the source code? Disassembly is quite more cumbersome. > If it fails early, it gets returned to the store or to the > manufacturer for credit. If your whole computing centre gets compromised because a packet logger could be inserted into the router, return to the store is your least problem. Being able to determine possible scope of a security breach is certainly important. -- David Kastrup _______________________________________________ gnu-misc-discuss mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-misc-discuss
