I respectfully disagree with the analogy. It is true that an open source available to rebuild (without IP logos, etc.) is far better than closed source for reasons of software engineering (and security) upon which I can elaborate if there is interest.

However, having any product enter wide use, and in particular, mission critical production use, without oversight is hazardous. Everyone makes mistakes; however, some mistakes are bigger than others. Professional designs can be very wrong (e.g., Chernobyl). In the current epoch, Zoom is being widely deployed (it is default mandatory at my institution), but it was never tested at the current scale nor properly hardened, and is being patched as it is being used.

If the "bazaar" (or the "cathedral", for that matter) offers (sells) a good or service that has long term hazards, or even short term post-sale hazards, others may never be informed of the reality. In terms of wide area network computer information systems, we no longer live in the epoch of Arpanet or even NSFnet -- we live in a hostile environment with constant attacks. Without frequent counter-measures (often through revisions), not just use-inhibiting defects appear, but actual compromises are perpetrated, including identity theft for criminal actions (sometimes done within the laws of the nation-state employing the actors in a clandestine service).

On 12/17/20 9:14 AM, P. Larry Nelson wrote:
This whole discussion brings to mind Eric Raymond's three essays;
later an iconic 1999 book: "The Cathedral and the Bazaar".
They discuss software development, culture and control, and business models
between open-source and closed-source models.

A decent synopsis of them can be found here:
https://informatics.bmj.com/content/23/2/488
They bear revisiting, I think.



Teh, Kenneth M. wrote on 12/17/20 10:14 AM:
Hear hear!
--------------------------------------------------------------------------------
*From:* owner-scientific-linux-us...@listserv.fnal.gov <owner-scientific-linux-us...@listserv.fnal.gov> on behalf of Lamar Owen <lo...@pari.edu>
*Sent:* Thursday, December 17, 2020 10:04 AM
*To:* scientific-linux-users <SCIENTIFIC-LINUX-USERS@FNAL.GOV>
*Subject:* Re: Update from Rocky EL
On 12/16/20 9:55 PM, Yasha Karant wrote:
... The question I raised still needs to be addressed:  will Rocky EL be done by paid professionals (as with SL or Springdale Princeton EL) or will it be done by volunteers, some (many) of whom are "amateurs"? I am very concerned about the use in a production professional environment of an "amateur" port of RHEL.  ...
Conflating "amateur" with a lack of quality and "professional" with high
quality and guaranteed support is provably fallacious.

One of the very first RHEL rebuilds, White Box Enterprise Linux, was, to
use your notation, a "professional" production, sponsored by and for the
Beauregard Parish Public Library in DeRidder, Louisiana (read "County"
where they write "Parish," it's a Louisiana thing); see
https://distrowatch.com/?newsid=01205

But being "professional" didn't guarantee success; the last release was
in 2007.  The "amateur" CentOS ended up with far better support with
mostly volunteers.  I have liked and respected the Scientific Linux
developers and their attitude for quite some time, but it honestly
wasn't a surprise to me when it was announced that there would be no
SL8.  The SL community seems to expect long-term support for any
arbitrary point release; that is really unsustainable with a small staff
and budget.

"Amateurs" can afford to dedicate more time in some cases than
"professionals;" in my own field at $dayjob the whole science of radio
astronomy owes its very existence to a talented and persistent amateur
by the name of Grote Reber.  Sure, Jansky made the initial discovery
while on Bell Labs' payroll (as a "professional" he had to follow his
employer's money and go to the next project); Reber did the legwork and
got others interested, paving the way for "professional" radio astronomers.

In another major area of physics, thermodynamics, medical doctor Julius
von Mayer was overshadowed by James Joule; it didn't help that von Mayer
was a medical doctor, not a "professional" physicist. (a good overview
of that history:
https://en.wikipedia.org/wiki/Mechanical_equivalent_of_heat#Priority ).

In computer science (using the non-ACM generalized definition of that
term), well, all I need to say is "Linus Torvalds."  The very kernel you
run was an "amateur" creation, and for a number of years had no
"professional" support.  Likewise, the Debian distribution was started
by "amateurs" and still has many "amateur" contributors; Ubuntu, a
supposedly "professionally"-supported distribution bases its work on the
"amateur" Debian; a chain is no stronger than its weakest link, and if
any part of even a "professional" distribution is supported by
"amateurs" ... "professional" Linux distribution support is a house of
cards built on an "amateur" foundation.  It reminds me of the reasoning
in Ken Thompson's Turing Award acceptance lecture "Reflections on
Trusting Trust" (
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
).

One problem with relying on "professional" staff is that the entity
paying that staff has direct oversight into how much time they spend on
those problems; the funding entity's goals and any particular end user's
goals may differ dramatically, and the goals of the funder will trump
the goals of the user.  A second problem is that the same "professional"
staff can be hired away by another company.  A third problem is that
"professionals" expect to be paid; where does the salary come from?  The
fourth problem is since there are very likely to be fewer "professional"
staff supporting a revenue-negative project, each "professional" becomes
extremely important or maybe even indispensable, and the project might
have a hard time surviving a "bus incident" or even a major hurricane.
I've witnessed all four of these issues first-hand.  RIP Seth.

The problem with "amateurs" is that they can quite literally walk away
without it negatively impacting their livelihood, and they're going to
work on what interests them, whether it interests the end-user or not.
I've witnessed "amateurs" walk away, try to delete everything they ever
contributed, and get mad when folks wouldn't forget what had been said.
At least with "amateurs" you can afford more of them, and have backups
for when people do leave.

As far as Rocky Linux is concerned, there is a middle ground where you
might have some paid developers and some volunteers; nothing wrong with
diversity here.  I would expect that, just like the Linux kernel itself,
we'll see a mixture of paid developers and volunteers for Rocky Linux.

