Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/15/22 11:45 AM, Maude Summerside wrote: > > On 2022-09-14 23:23, Chuck Zmudzinski wrote: > > On 9/14/2022 11:01 PM, Maude Summerside wrote: > >> > >> On 2022-09-14 21:45, Michael Stone wrote: > >>> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote: > I'll be brutally honest: being accused of "possibly malicious" > unwilligness is *not* a great way to convince overstretched volunteers > to spend their time on issues. > >>> > >>> Especially when it's an ongoing pattern of discourse. > >>> > >> > >> I think there's many barrier that discourage people from wanting to > >> contribute to many project. I feel some developer use the community as > >> unpaid beta tester but don't go further into accepting contribution. > >> > >> For sure, having managed some project, I have to say that it's hard to > >> accept contribution that will add new functions to as software when > >> these come from a unknown contributor. Not because of being scared of > >> malicious intent (unless the person is really paranoid but that's > >> another story). Simply because adding a new function means having to > >> support it's ongoing development and there's no guarantee that the > >> contributor will do so. Same goes on for code contributed that needs > >> refactoring, that are badly documented, etc. But all this need some good > >> social behavior from the project owner/manager. > > > > As a user of the Debian software and a user of the BTS, I am discouraged not > > because new contributions or functions are being rejected, but because bugs > > are not being fixed. Those are two very different things. Maybe it's just > > too hard > > for volunteers to fix the bugs and make Debian better, and maybe we need to > > pay the volunteers so they are not volunteers anymore and will be motivated > > to actually fix the Debian software. The fact that Debian is created by > > volunteers > > is probably one of the really big disadvantages of Debian software. > > > I think there's a piece missing hugely in *your* equation. > The package maintainer are the LAST line of resort when there's a bug to > fix. Sure you can report them thru BTS but they'll transmit those > upstream to the original software developer. Not in my experience. Most upstream projects say users should report bugs to the distro first and let the distro's maintainers decide what to do. The bugs I see that the Debian maintainer *should* forward to the upstream project usually fail to do that. Of two cases of bugs affecting my machine this past couple of years, one I reported the bug to Debian, Debian's maintainer ignored it, I found the fix after a long bisecting process and the fix was in the upstream part of the code. So I tagged the bug with patch and upstream and waited for the maintainer to forward the bug. The maintainer again ignored it so I had the opportunity to make a contribution to an upstream project and I submitted the patch to the upstream project myself and when it was committed upstream I tagged the bug fixed upstream on BTS and now the bug is closed. That is a happy ending to a bug report. The other one this year both Debian and the upstream project, the Linux kernel, are ignoring the bug and that is the one I described in a post earlier today to this list when I also asked the community a question about systemd, udev, and the coldplug all devices stage of boot where the bug happens. This bug is still not a happy ending, at least for those who want the bug fixed. I am not the one who reported it. I would not be surprised if the one who reported it gave up on it and switched to Fedora or another distro that has fixed the bug in their distro. It is the kind of bug that can be fixed in *either* the Linux kernel upstream code or in the systemd/udev configuration by the distro. But Debian maintainers are just volunteers so they cannot fix it. At least that is what everyone here is telling me. > > What would happened if every bug was fixed by the Debian maintainer ? > We'd end up having two different source code because at every bug fix > there would be a different tree of source code being built. Most users are not able to determine when they report a bug if it is in the upstream or Debian part. I learned how to find where the bug is because no one else in the free software world would do it. You advocate for a world where every user can fix their own bugs and the maintainers can complain they can't fix bugs because they are just volunteers. That doesn't make sense to me. The BTS is useful because users do post workarounds for the bugs that the maintainers don't fix, but users are mistaken if they think when they report a bug the maintainer will see to it that it will get fixed. I also think the bot that says the maintainer will respond to you in due course sometimes lies because in some cases the maintainer never responds. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
Maude Summerside wrote: > > > On 2022-09-14 21:45, Michael Stone wrote: > > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote: > >> I'll be brutally honest: being accused of "possibly malicious" > >> unwilligness is *not* a great way to convince overstretched volunteers > >> to spend their time on issues. > > > > Especially when it's an ongoing pattern of discourse. > > > > I think there's many barrier that discourage people from wanting to > contribute to many project. I feel some developer use the community as > unpaid beta tester but don't go further into accepting contribution. > > For sure, having managed some project, I have to say that it's hard to > accept contribution that will add new functions to as software when > these come from a unknown contributor. Not because of being scared of > malicious intent (unless the person is really paranoid but that's > another story). Simply because adding a new function means having to > support it's ongoing development and there's no guarantee that the > contributor will do so. Same goes on for code contributed that needs > refactoring, that are badly documented, etc. But all this need some good > social behavior from the project owner/manager. I quite like the approach taken by Espen Jurgensen, project owner of Owntone (formerly forked-daapd). If a feature is requested and he thinks he might want to use it, he brings it in. If he doesn't see a point for his own usage but thinks that other people might want it, he asks the contributor to maintain a fork for a few months. The initial bugs get worked out by someone who cares about it, and then a pull request can be made to bring it back to the main branch. -dsr-
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 2022-09-14 23:23, Chuck Zmudzinski wrote: > On 9/14/2022 11:01 PM, Maude Summerside wrote: >> >> On 2022-09-14 21:45, Michael Stone wrote: >>> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote: I'll be brutally honest: being accused of "possibly malicious" unwilligness is *not* a great way to convince overstretched volunteers to spend their time on issues. >>> >>> Especially when it's an ongoing pattern of discourse. >>> >> >> I think there's many barrier that discourage people from wanting to >> contribute to many project. I feel some developer use the community as >> unpaid beta tester but don't go further into accepting contribution. >> >> For sure, having managed some project, I have to say that it's hard to >> accept contribution that will add new functions to as software when >> these come from a unknown contributor. Not because of being scared of >> malicious intent (unless the person is really paranoid but that's >> another story). Simply because adding a new function means having to >> support it's ongoing development and there's no guarantee that the >> contributor will do so. Same goes on for code contributed that needs >> refactoring, that are badly documented, etc. But all this need some good >> social behavior from the project owner/manager. > > As a user of the Debian software and a user of the BTS, I am discouraged not > because new contributions or functions are being rejected, but because bugs > are not being fixed. Those are two very different things. Maybe it's just too > hard > for volunteers to fix the bugs and make Debian better, and maybe we need to > pay the volunteers so they are not volunteers anymore and will be motivated > to actually fix the Debian software. The fact that Debian is created by > volunteers > is probably one of the really big disadvantages of Debian software. > I think there's a piece missing hugely in *your* equation. The package maintainer are the LAST line of resort when there's a bug to fix. Sure you can report them thru BTS but they'll transmit those upstream to the original software developer. What would happened if every bug was fixed by the Debian maintainer ? We'd end up having two different source code because at every bug fix there would be a different tree of source code being built. Sure maintainer will fix bug that are Debian specifics. Didn't this ever went in your consideration ? Maybe you should take some time to read the different documentations relating to the roles of everyone and this would save lot of useless anger on your side. > Best regards, > > Chuck > -- Polyna-Maude R.-Summerside -Be smart, Be wise, Support opensource development
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
Jude "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author, 1940) . On Wed, 14 Sep 2022, Steve McIntyre wrote: > Stefan wrote: > In article you > write: > >> the interest of the user. These "volunteers" obviously have other, > >> possibly malicious, interests if they prove themselves unwilling to > >> apply fixes to bugs that are reported to them. > > > >I think there's a confusion here: these volunteers will also have > >"other, possibly malicious, interests" even if they are willing/eager > >to apply fixes to bugs that are reported to them. > > > >Same goes for people you pay, so it's not specific to volunteers. > >And of course it's also not specific to a particular kind of license. > > Thanks Stefan, it's great to see that some people understand the > issues. > > I'll be brutally honest: being accused of "possibly malicious" > unwilligness is *not* a great way to convince overstretched volunteers > to spend their time on issues. > > I think an appropriate analogy for proprietary versus open source software is the American Electoral College compared to The American General Election. The difference in the number of minds brought to apply to each I think parallels proprietary versus open source software and whatever effects attach to both. Open source additionally has the internet which varies in support quality but is far larger than any proprietary operation.
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/14/2022 11:01 PM, Maude Summerside wrote: > > On 2022-09-14 21:45, Michael Stone wrote: > > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote: > >> I'll be brutally honest: being accused of "possibly malicious" > >> unwilligness is *not* a great way to convince overstretched volunteers > >> to spend their time on issues. > > > > Especially when it's an ongoing pattern of discourse. > > > > I think there's many barrier that discourage people from wanting to > contribute to many project. I feel some developer use the community as > unpaid beta tester but don't go further into accepting contribution. > > For sure, having managed some project, I have to say that it's hard to > accept contribution that will add new functions to as software when > these come from a unknown contributor. Not because of being scared of > malicious intent (unless the person is really paranoid but that's > another story). Simply because adding a new function means having to > support it's ongoing development and there's no guarantee that the > contributor will do so. Same goes on for code contributed that needs > refactoring, that are badly documented, etc. But all this need some good > social behavior from the project owner/manager. As a user of the Debian software and a user of the BTS, I am discouraged not because new contributions or functions are being rejected, but because bugs are not being fixed. Those are two very different things. Maybe it's just too hard for volunteers to fix the bugs and make Debian better, and maybe we need to pay the volunteers so they are not volunteers anymore and will be motivated to actually fix the Debian software. The fact that Debian is created by volunteers is probably one of the really big disadvantages of Debian software. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 2022-09-14 21:45, Michael Stone wrote: > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote: >> I'll be brutally honest: being accused of "possibly malicious" >> unwilligness is *not* a great way to convince overstretched volunteers >> to spend their time on issues. > > Especially when it's an ongoing pattern of discourse. > I think there's many barrier that discourage people from wanting to contribute to many project. I feel some developer use the community as unpaid beta tester but don't go further into accepting contribution. For sure, having managed some project, I have to say that it's hard to accept contribution that will add new functions to as software when these come from a unknown contributor. Not because of being scared of malicious intent (unless the person is really paranoid but that's another story). Simply because adding a new function means having to support it's ongoing development and there's no guarantee that the contributor will do so. Same goes on for code contributed that needs refactoring, that are badly documented, etc. But all this need some good social behavior from the project owner/manager. There's people who just think "I've done something free if people are happy they use it, if they ain't they continue their journey". Those don't accept criticism. But that's all part of the human behavior. -- Polyna-Maude R.-Summerside -Be smart, Be wise, Support opensource development
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/14/22 6:16 PM, Steve McIntyre wrote: > Stefan wrote: > In article you > write: > >> the interest of the user. These "volunteers" obviously have other, > >> possibly malicious, interests if they prove themselves unwilling to > >> apply fixes to bugs that are reported to them. > > > >I think there's a confusion here: these volunteers will also have > >"other, possibly malicious, interests" even if they are willing/eager > >to apply fixes to bugs that are reported to them. > > > >Same goes for people you pay, so it's not specific to volunteers. > >And of course it's also not specific to a particular kind of license. > > Thanks Stefan, it's great to see that some people understand the > issues. > > I'll be brutally honest: being accused of "possibly malicious" > unwilligness is *not* a great way to convince overstretched volunteers > to spend their time on issues. > Thank you Steve, for the work you do as maintaining the grub software packages on Debian. I am not against giving maintainers like Steve just compensation for the work they do fixing bugs, and by compensation I mean money. Why not require the user to pay a small fee when reporting a bug which can be used to provide just compensation for the services the maintainers provide to the community when the maintainer fixes bugs? I would be willing to pay a reasonably small fee that would go to the maintainers who worked on the bug and successfully fixed it. I'll be brutally honest: Being accused of being a troll is *not* a great way to convince Debian users who want to contribute to and help Debian to spend their free time helping maintainers fix the bugs reported to the BTS. I also suspect many users agree with me, but are afraid to say so for fear of being accused of being a troll. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote: I'll be brutally honest: being accused of "possibly malicious" unwilligness is *not* a great way to convince overstretched volunteers to spend their time on issues. Especially when it's an ongoing pattern of discourse.
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 2022-09-14 17:06, Thiemo Kellner wrote: > Am 14.09.22 um 18:39 schrieb Maude Summerside: >> This is where intellectual shortcut starts... >> Free/OSS doesn't mean GPL. >> There's plenty of Free/OSS software that the copyright owner retains >> right to commercial licensing. Just look at libraries, some of them will >> be in such a licensing term that if you use the free version, you have >> to share your code if you distribute it but they offer a commercial >> license that allow you to link and distribute without source code. If >> you only stick to Debian, no such thing because they aren't in the >> licensing term accepted for distribution. >> >> But let say QT, you have a free version, force you to distribute freely >> if linked against or you go with the commercial license. >> >> Why would the owner of the copyright regarding Chromium (that can write >> their own terms) couldn't reserve himself a right to make a closed >> source version (like Google Chrome, owned by the owner of Chromium >> license). >> >> Something taking a break and make some research just shows off that we >> don't only know how to type code, but we have a bit more knowledge than >> that, regarding mostly real life example of what's also part of the >> ecosystem. > Thanks for trying to point out. I am afraid, it is beyond me as is dual > licensing in general. > We all have our forces and weakness, so we are all the same. I'm probably not as fast as you can be for writing JavaScript code, HTML, or whatever you do. But my force is mostly at project management, legal and business side of IT solutions. I've driven mostly medical projects so I'm pretty used to the *thingy* related to licensing. The error I see the most often is generalizing a situation, in this case thinking that GPL means Free/OSS. And even there free ain't OSS. One of the reason behind the birth of MariaDB was such a dual licensing change to MySQL when eveil-Oracle purchased the right to the software. -- Polyna-Maude R.-Summerside -Be smart, Be wise, Support opensource development
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
Stefan wrote: In article you write: >> the interest of the user. These "volunteers" obviously have other, >> possibly malicious, interests if they prove themselves unwilling to >> apply fixes to bugs that are reported to them. > >I think there's a confusion here: these volunteers will also have >"other, possibly malicious, interests" even if they are willing/eager >to apply fixes to bugs that are reported to them. > >Same goes for people you pay, so it's not specific to volunteers. >And of course it's also not specific to a particular kind of license. Thanks Stefan, it's great to see that some people understand the issues. I'll be brutally honest: being accused of "possibly malicious" unwilligness is *not* a great way to convince overstretched volunteers to spend their time on issues. -- Steve McIntyre, Cambridge, UK.st...@einval.com "We're the technical experts. We were hired so that management could ignore our recommendations and tell us how to do our jobs." -- Mike Andrews
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
Am 14.09.22 um 18:39 schrieb Maude Summerside: This is where intellectual shortcut starts... Free/OSS doesn't mean GPL. There's plenty of Free/OSS software that the copyright owner retains right to commercial licensing. Just look at libraries, some of them will be in such a licensing term that if you use the free version, you have to share your code if you distribute it but they offer a commercial license that allow you to link and distribute without source code. If you only stick to Debian, no such thing because they aren't in the licensing term accepted for distribution. But let say QT, you have a free version, force you to distribute freely if linked against or you go with the commercial license. Why would the owner of the copyright regarding Chromium (that can write their own terms) couldn't reserve himself a right to make a closed source version (like Google Chrome, owned by the owner of Chromium license). Something taking a break and make some research just shows off that we don't only know how to type code, but we have a bit more knowledge than that, regarding mostly real life example of what's also part of the ecosystem. Thanks for trying to point out. I am afraid, it is beyond me as is dual licensing in general. -- Signal (Safer than WhatsApp): +49 1578 7723737 Threema (Safer than WhatsApp): A76MKH3J Handy: +49 1578 772 37 37
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 2022-09-14 08:31, Chuck Zmudzinski wrote: >>> For example, most web >>> browsers are based on chromium, a free oss project that comes in large part >>> from >>> Google, but some of the most-used browsers in the world based on chromium >>> are proprietary, such as chrome and edge. >> I am not sure that this holds true. I would be quite surprised that >> chromium or edged can legally use code of a OSS browser, being CSS. But >> I am not an attorney. This is where intellectual shortcut starts... Free/OSS doesn't mean GPL. There's plenty of Free/OSS software that the copyright owner retains right to commercial licensing. Just look at libraries, some of them will be in such a licensing term that if you use the free version, you have to share your code if you distribute it but they offer a commercial license that allow you to link and distribute without source code. If you only stick to Debian, no such thing because they aren't in the licensing term accepted for distribution. But let say QT, you have a free version, force you to distribute freely if linked against or you go with the commercial license. Why would the owner of the copyright regarding Chromium (that can write their own terms) couldn't reserve himself a right to make a closed source version (like Google Chrome, owned by the owner of Chromium license). Something taking a break and make some research just shows off that we don't only know how to type code, but we have a bit more knowledge than that, regarding mostly real life example of what's also part of the ecosystem. -- Polyna-Maude R.-Summerside -Be smart, Be wise, Support opensource development
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
People of debian-user :) This thread does seem to be degenerating slightly into accusations and name-calling, justified or not. Without prejudice to anyone: please may I remind you that debian-user and all Debian lists and IRC channels are subject to the Debian Code of Conduct. It would be very much appreciated if disagreements could be resolved constructively and in a positive way. Ad hominem attacks don't help anyone here. Taking a breath / walking away from the keyboard for half a day might also help get a sense of perspective in any mailing list opinion difference. (And yes, I know about https://xkcd.com/386/ and the difficulty that brings). With every good wish, as ever, Andy Cater [For and on behalf of the Debian Community Team]
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/14/2022 9:06 AM, The Wanderer wrote: > On 2022-09-14 at 08:51, Chuck Zmudzinski wrote: > > > On 9/14/2022 1:03 AM, to...@tuxteam.de wrote: > > > >> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote: > >> > >> [...] > >> > >>> Actually, someone already has shown us how to do it better. His name is > >>> Linus Torvalds [...] > >> > >> I don't know what your aim is. > >> > >> I have the impression that it's just arguing for arguing's sake [1]. > >> > >> [1] in the classical sense of "trolling", as per Wikipedia: > >> "In Internet slang, a troll is a person who posts inflammatory, > >> insincere, digressive,[1] extraneous, or off-topic messages in > >> an online community [...], with the intent of provoking readers > >> into displaying emotional responses,[2] or manipulating others' > >> perception. > >> https://en.wikipedia.org/wiki/Trolling > > > > So you are accusing me of being a troll. Well, it takes one to know one. > > No, it very much does not. > > > Congratulations! I am starting my own list of trolls on debian-user and > > you are the first member of that list. > > Given the long, long history of helping people that Tomas has on this > mailing list, I think that if you want to convince anyone other than > yourself that Tomas is a troll, you're going to have a *very* heavy lift > (or a whole lot of lying) ahead of you. > > (Mind, by my personal definition - which is a bit different from the > above, though probably still largely compatible - I'm not entirely > convinced that you're a troll either. But you're *definitely* behaving > in such a way that I do not blame others for reaching that conclusion.) I admit that I behaved like a troll when i tried to enter into a conversation with Tomas. I do know he helps many people on this list, that is something good he does. But on this thread, he also behaved like a troll and caused me to also behave like a troll. That is a fact, if anyone wants to take the time to look at what he said, the things he omitted in his replies, etc. I especially noted his response to my introduction of the idea in this thread that open source projects like Debian consider themselves communities, and I wanted to emphasize that those who volunteer to help out with Debian or other free software communities should not serve their own interests but the interests of the community. After I made those points, that is when Tomas started his ad hominum attacks against me and turned the conversation away from what it means for Debian to be a community and changed it into an ad hominum attack against me. It causes me to think there are some aspects of the idea of Debian as a community that are offensive to him. From what he actually did in this thread, I am inclined to think his idea of Debian as a community is that it is a community of developers only, and not of users. Maybe he is right about that. Maybe Debian *is only* a community of the one thousand or so Debian developers with voting rights, and the rest of us are trolls if we dare to express our opinions as mere Debian users on the debian-user list or on any other Debian hosted forum. So I am going to be very careful about trying to have an objective conversation with Tomas, given what I actually saw him do in this thread, and given the mistake I made by letting him bait me into appearing to be a troll. I will be careful to not let that happen again. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 7:11 PM, Thiemo Kellner wrote: > Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski: > > > > > I am fairly sure I was a victim of > > the breach of Yahoo that affected hundreds of millions of its users. > I am sorry for you. I do not know this case, so I cannot tell whether > OSS or CSS components of their service were breached, or even a social > engineering case. There is information about the Yahoo data breach on the Internet, including the $117 million class action case on behalf of 194 million class members: https://www.cnbc.com/2020/02/06/what-to-do-if-you-got-email-from-yahoo-about-a-data-breach-settlement.html I don't know if there is enough information available in the public domain to determine to what extent free/oss software might have contributed to that data breach. I do remember Yahoo admitted the number of affected accounts was around 500 million. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 2022-09-14 at 08:51, Chuck Zmudzinski wrote: > On 9/14/2022 1:03 AM, to...@tuxteam.de wrote: > >> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote: >> >> [...] >> >>> Actually, someone already has shown us how to do it better. His name is >>> Linus Torvalds [...] >> >> I don't know what your aim is. >> >> I have the impression that it's just arguing for arguing's sake [1]. >> >> [1] in the classical sense of "trolling", as per Wikipedia: >> "In Internet slang, a troll is a person who posts inflammatory, >> insincere, digressive,[1] extraneous, or off-topic messages in >> an online community [...], with the intent of provoking readers >> into displaying emotional responses,[2] or manipulating others' >> perception. >> https://en.wikipedia.org/wiki/Trolling > > So you are accusing me of being a troll. Well, it takes one to know one. No, it very much does not. > Congratulations! I am starting my own list of trolls on debian-user and > you are the first member of that list. Given the long, long history of helping people that Tomas has on this mailing list, I think that if you want to convince anyone other than yourself that Tomas is a troll, you're going to have a *very* heavy lift (or a whole lot of lying) ahead of you. (Mind, by my personal definition - which is a bit different from the above, though probably still largely compatible - I'm not entirely convinced that you're a troll either. But you're *definitely* behaving in such a way that I do not blame others for reaching that conclusion.) -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/14/2022 1:03 AM, to...@tuxteam.de wrote: > On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote: > > [...] > > > Actually, someone already has shown us how to do it better. His name is > > Linus Torvalds [...] > > I don't know what your aim is. > > I have the impression that it's just arguing for arguing's sake [1]. > > [1] in the classical sense of "trolling", as per Wikipedia: > "In Internet slang, a troll is a person who posts inflammatory, > insincere, digressive,[1] extraneous, or off-topic messages in > an online community [...], with the intent of provoking readers > into displaying emotional responses,[2] or manipulating others' > perception. > https://en.wikipedia.org/wiki/Trolling > So you are accusing me of being a troll. Well, it takes one to know one. Congratulations! I am starting my own list of trolls on debian-user and you are the first member of that list. Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/14/2022 7:08 AM, debian-u...@howorth.org.uk wrote: > > On 9/13/2022 3:59 PM, err...@free.fr wrote: > > > Please STOP! > > > > > > you are annoying, and if you want improve free softwares, is not > > > like this. you will better contribute with your code or with your > > > translations than by writing to this mailing-list > > I agree with the sentiments of annoyance and that this thread should > stop now, please. Not everyone agrees, because some have still been making comments here that in my opinion and theirs are constructive and not just trolling. > > > The problem is, with all due respect, that I do have my code > > improvements for free software, but some free software people do not > > want to accept my contributions but instead want to allow the free > > software to continue to have the bugs, and they will not explain > > themselves either. Why should I waste my time contributing to > > software projects who do not want my contributions? Treating people > > who want to contribute this way is not the way to gain more advocates > > for free software! > > But again you have been asked before to be specific about your > objections, so a link to your proposed code improvements and whatever > conversation there was when you submitted them would go some way to > justifying the space and time you have already wasted on this list. > > > > I want you kicked from this list. > > > > Well, if you get me kicked off, I will be kicked off. But that is not > > the way to build a community of people trying to make good software. > > That is all I am advocating for, and I am really surprised to be > > treated this way on this list for advocating for improved software in > > Debian. I guess the trolls on here do not really want to increase the > > number of people working on improving Debian. But without more > > people, Debian cannot possibly provide quality support for 59,000 > > free software packages. That is just a fact, even it no one here > > wants to acknowledge it. > > I haven't seen much evidence of trolls here, apart from yourself. I did make the mistake of feeding a couple of trolls, from now on I will ignore them. They baited me into appearing as a troll by refusing to acknowledge a simple truth and forcing me to say the same obvious truth over and over again, and I understand why some people might be annoyed by that. Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 7:11 PM, Thiemo Kellner wrote: > Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski: > > On 9/13/2022 4:14 PM, Thiemo Kellner wrote: > > I think Megha is emphasizing, and possibly over-emphasizing, the fact > > that the persons > > who actually commit the code in free software projects can operate with > > little or > > no oversight when they are just volunteers not really accountable to anyone. > And I very much think she is wrong there. Being software developer > myself, unfortunately closed source mainly, I can tell that oversight is > not related to the licensing model or the pay of the developer. I would > go to the length to say that volunteers take, in general, a bigger pride > in the quality of their work, because they are not payed for it. The few > quite fruitless attempts in writing OSS, I took, failed sometimes > because I intend to create the perfect solution and thus not > progressing, whereas in the work for money I am often forced to > implement a working solution I can tell from the start, it will not be > easily maintainable or extendable. > > to think the situation might be better if either 1) open source projects > > exercised more > > oversight than they currently do over the persons who actually write the > > code and > > release the software > As I already told. In over 25 years of experience, I do not have > complaints about the oversight taken by OSS projects, where as I > regularly can complain about closed source payed for software. In the > past two weeks I was hunting down a problem we had with IBM DataStage. > One of the parallel subprocess terminated unexpectedly and all the > message DataStage cared to give was that the subprocess received a > SIGINT. We hope to have work around, because we could not find the > source. To me, one of the worst things one can do as developer not to > have proper error reporting - unless you know, you will not get bothered > when the shit starts to hit the fan. > > , or 2) free/oss software never became ubiquitous. We just cannot > > know without being able to do a time machine experiment and see how the > > software > > world would have developed if free/oss software had not become as > > ubiquitous as it is > > today. > I cannot agree with you at all on this point. Omnipresence of OSS does > not mean there are more error in the code. It just means there are more > users to detect problems, thus more possiblities for the bugs to get > fixed. Sure, if OSS developers are overloaded the will not get to fix > all the problems, just as developers on CSS (closed source software). > Much more, because the sales man can sell better new shiny features even > if useless, than stable code. The buyer expects that flaws get fixed for > free, maybe rightly so, thus the CSS company will fix as few bugs it can > get away with (exageration). > > If there was not a serious problem of malware, identity theft, ransomware, > > etc., > > I would be more inclined to question what Megha Verma wrote, but based on > > what > > I see in how free/oss projects are governed, I am not surprised that a > > world that relies > > on so much free/oss software also suffers from so much malware, ransomware, > > identity > > theft, etc. > Again, my experience with OSS is not this one. And I very much think, > that malware, ransomware usually is software on its own not built-in any > software. Maybe exploiting a backdoor a company put in their products > for ease of maintenance or just by negligence. Identity theft sounds > like social engineering or man in the middle attack. The latter not > necessarily being a problem of OSS. > > Just because *you* have not experienced malware in the software you use > > does not mean that there are no cases where free/oss software is being > > deployed > > elsewhere in a stealthy way for malicious purposes. > > I did not state that OSS was free of flaws and bugs. I am make a point > to state that in my experience there are fewer bugs therein than in CSS. > > > I am fairly sure I was a victim of > > the breach of Yahoo that affected hundreds of millions of its users. > I am sorry for you. I do not know this case, so I cannot tell whether > OSS or CSS components of their service were breached, or even a social > engineering case. > > > > I know people will reply and say it is much worse with proprietary > > software. But we > > really cannot know for sure, because free/oss is so ubiquitous now it is > > hard to > > separate free/oss software from proprietary software. > > I certainly can tell my experience comparing OSS to CSS. And there I OSS > gets better off. And for the rest, well I cannot tell it is this or the > other way around at all. > > > For example, most web > > browsers are based on chromium, a free oss project that comes in large part > > from > > Google, but some of the most-used browsers in the world based on chromium > > are proprietary, such as chrome and edge. > I am
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 6:47 PM, Stefan Monnier wrote: > > If free/oss projects like Debian want to provide software with those > > positive characteristics to their users, those projects must have in > > place some level of oversight over what the persons who actually write > > the software actually do, or don't do in the case of failing to fix > > bugs that could easily be fixed, so that the goals of quality, useful, > > safe, and secure software are reached. > > That's why I like Free Software: all of this is done out in the open, > making oversight particularly easy. > > For proprietary code you generally simply can't do that at all because > it's all kept secret. > > > Stefan > We really agree on this point, thanks. Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 4:38 PM, Stefan Monnier wrote: > > The users. They stop using software or any product that does not work > > well or is more trouble than it is worth. Then the entity, whether > > a free/oss or proprietary provider ends up shutting down > > the enterprise. > > But, being Free Software, any remaining user can keep using it, > improving it, checking if it contains any back doors, hire someone else > to do it, etc... > > >> You do realize that nobody enforces that on proprietary software > >> either, right? > > The users do, in the marketplace - and what is not used by enough > > users eventually disappears. > > That's right. And then you're typically completely screwed even if it > happened to work well for you. > > The company will also blissfully ignore your requests if you're part of > too-small a slice of their users. Ever tried to get an `armhf` binary for > a proprietary GNU/Linux software? > > > I think it is true that the "best" software development model depends > > less on free/oss vs. proprietary and more on the wisdom, foresight, > > integrity, and technical expertise of those doing the work and making > > the important decisions. > > I don't care which is better. I just prefer not to depend on the > goodwill of a company (most of which I know act against my interest; > probably inevitably because they are beholden to their shareholders). Of course you know many of those companies that you know act against your interests have employees who "volunteer" to contribute to free/oss software projects, so in practice the free/oss software is not free from this problem, but a truly open project can make it possible to find out which volunteers are not acting in the true interests of those who advocate for the benefits of free/oss software, and this is not possible in secretive, proprietary organizations. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
> On 9/13/2022 3:59 PM, err...@free.fr wrote: > > Please STOP! > > > > you are annoying, and if you want improve free softwares, is not > > like this. you will better contribute with your code or with your > > translations than by writing to this mailing-list I agree with the sentiments of annoyance and that this thread should stop now, please. > The problem is, with all due respect, that I do have my code > improvements for free software, but some free software people do not > want to accept my contributions but instead want to allow the free > software to continue to have the bugs, and they will not explain > themselves either. Why should I waste my time contributing to > software projects who do not want my contributions? Treating people > who want to contribute this way is not the way to gain more advocates > for free software! But again you have been asked before to be specific about your objections, so a link to your proposed code improvements and whatever conversation there was when you submitted them would go some way to justifying the space and time you have already wasted on this list. > > I want you kicked from this list. > > Well, if you get me kicked off, I will be kicked off. But that is not > the way to build a community of people trying to make good software. > That is all I am advocating for, and I am really surprised to be > treated this way on this list for advocating for improved software in > Debian. I guess the trolls on here do not really want to increase the > number of people working on improving Debian. But without more > people, Debian cannot possibly provide quality support for 59,000 > free software packages. That is just a fact, even it no one here > wants to acknowledge it. I haven't seen much evidence of trolls here, apart from yourself. Again, specifics help if you wish to make such claims, rather than general assertions. > Best regards, > > Chuck >
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote: [...] > Actually, someone already has shown us how to do it better. His name is > Linus Torvalds [...] I don't know what your aim is. I have the impression that it's just arguing for arguing's sake [1]. My time is too short to take part in this. From time to time you mix blatant falsehoods like the above (Linus wouldn't have got anywhere with his kernel had'nt he had at the time a whole free toolchain (C compiler, linker, build tools like Make, etc.), a whole user space (shell ls, cp, sed, you name it), all courtesy of the GNU project (he acknowledges that, you seem to ignore it, either by lack of research or by malice, I don't even want to know at this point). This is how free software works: you use things out there and build other things for others to use. *YOU* decide what *you* build. *OTHERS* decide what *they* do with it. So simple. You seem to have a beef with that. You can keep your beef. All of it. I'm out of this thread. [1] in the classical sense of "trolling", as per Wikipedia: "In Internet slang, a troll is a person who posts inflammatory, insincere, digressive,[1] extraneous, or off-topic messages in an online community [...], with the intent of provoking readers into displaying emotional responses,[2] or manipulating others' perception. https://en.wikipedia.org/wiki/Trolling -- t signature.asc Description: PGP signature
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski: On 9/13/2022 4:14 PM, Thiemo Kellner wrote: I think Megha is emphasizing, and possibly over-emphasizing, the fact that the persons who actually commit the code in free software projects can operate with little or no oversight when they are just volunteers not really accountable to anyone. And I very much think she is wrong there. Being software developer myself, unfortunately closed source mainly, I can tell that oversight is not related to the licensing model or the pay of the developer. I would go to the length to say that volunteers take, in general, a bigger pride in the quality of their work, because they are not payed for it. The few quite fruitless attempts in writing OSS, I took, failed sometimes because I intend to create the perfect solution and thus not progressing, whereas in the work for money I am often forced to implement a working solution I can tell from the start, it will not be easily maintainable or extendable. to think the situation might be better if either 1) open source projects exercised more oversight than they currently do over the persons who actually write the code and release the software As I already told. In over 25 years of experience, I do not have complaints about the oversight taken by OSS projects, where as I regularly can complain about closed source payed for software. In the past two weeks I was hunting down a problem we had with IBM DataStage. One of the parallel subprocess terminated unexpectedly and all the message DataStage cared to give was that the subprocess received a SIGINT. We hope to have work around, because we could not find the source. To me, one of the worst things one can do as developer not to have proper error reporting - unless you know, you will not get bothered when the shit starts to hit the fan. , or 2) free/oss software never became ubiquitous. We just cannot know without being able to do a time machine experiment and see how the software world would have developed if free/oss software had not become as ubiquitous as it is today. I cannot agree with you at all on this point. Omnipresence of OSS does not mean there are more error in the code. It just means there are more users to detect problems, thus more possiblities for the bugs to get fixed. Sure, if OSS developers are overloaded the will not get to fix all the problems, just as developers on CSS (closed source software). Much more, because the sales man can sell better new shiny features even if useless, than stable code. The buyer expects that flaws get fixed for free, maybe rightly so, thus the CSS company will fix as few bugs it can get away with (exageration). If there was not a serious problem of malware, identity theft, ransomware, etc., I would be more inclined to question what Megha Verma wrote, but based on what I see in how free/oss projects are governed, I am not surprised that a world that relies on so much free/oss software also suffers from so much malware, ransomware, identity theft, etc. Again, my experience with OSS is not this one. And I very much think, that malware, ransomware usually is software on its own not built-in any software. Maybe exploiting a backdoor a company put in their products for ease of maintenance or just by negligence. Identity theft sounds like social engineering or man in the middle attack. The latter not necessarily being a problem of OSS. Just because *you* have not experienced malware in the software you use does not mean that there are no cases where free/oss software is being deployed elsewhere in a stealthy way for malicious purposes. I did not state that OSS was free of flaws and bugs. I am make a point to state that in my experience there are fewer bugs therein than in CSS. I am fairly sure I was a victim of the breach of Yahoo that affected hundreds of millions of its users. I am sorry for you. I do not know this case, so I cannot tell whether OSS or CSS components of their service were breached, or even a social engineering case. I know people will reply and say it is much worse with proprietary software. But we really cannot know for sure, because free/oss is so ubiquitous now it is hard to separate free/oss software from proprietary software. I certainly can tell my experience comparing OSS to CSS. And there I OSS gets better off. And for the rest, well I cannot tell it is this or the other way around at all. For example, most web browsers are based on chromium, a free oss project that comes in large part from Google, but some of the most-used browsers in the world based on chromium are proprietary, such as chrome and edge. I am not sure that this holds true. I would be quite surprised that chromium or edged can legally use code of a OSS browser, being CSS. But I am not an attorney. I recommend everyone be very aware of the risks of using any software, whether it be proprietary software or free/oss software in today's
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, Sep 13, 2022 at 3:48 PM Stefan Monnier wrote: > > > If free/oss projects like Debian want to provide software with those > > positive characteristics to their users, those projects must have in > > place some level of oversight over what the persons who actually write > > the software actually do, or don't do in the case of failing to fix > > bugs that could easily be fixed, so that the goals of quality, useful, > > safe, and secure software are reached. > > That's why I like Free Software: all of this is done out in the open, > making oversight particularly easy. > > For proprietary code you generally simply can't do that at all because > it's all kept secret. I thought this argument was over many years ago. This is an old book, but it seems people need to read it today: https://www.amazon.com/Cathedral-Bazaar-Musings-Accidental-Revolutionary/dp/0596001088
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 4:31 PM, Stefan Monnier wrote: > > the interest of the user. These "volunteers" obviously have other, > > possibly malicious, interests if they prove themselves unwilling to > > apply fixes to bugs that are reported to them. > > I think there's a confusion here: these volunteers will also have > "other, possibly malicious, interests" even if they are willing/eager > to apply fixes to bugs that are reported to them. > > Same goes for people you pay, so it's not specific to volunteers. > And of course it's also not specific to a particular kind of license. > > > Stefan > So I presume you agree that no matter the kind of license, development model, etc., it is in the interest of the users of software for there to be oversight of what the persons who actually write the code and release the software to the public actually do to deter them from doing anything malicious, and if they do not act in the interest of the users, then they are undermining the purpose of any software project that claims to provide quality software that is secure, useful, and safe to use. If free/oss projects like Debian want to provide software with those positive characteristics to their users, those projects must have in place some level of oversight over what the persons who actually write the software actually do, or don't do in the case of failing to fix bugs that could easily be fixed, so that the goals of quality, useful, safe, and secure software are reached. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 4:14 PM, Thiemo Kellner wrote: > Am 12.09.22 um 19:47 schrieb Chuck Zmudzinski: > > "Open Source Software is accessible to all means it can be used and > > misused. > > And, that’s where it turns unconstructive for us. With OSS, we can expect > > harm, > > virus transfer, identity burglary, and many other malicious practices to > > hurt the > > process." [1] > > ... > > > > [1] > > https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413 > > Hi Chuck > > ... > > I do not quite get the meaning of "Open Source Software is accessible to > all means it can be used and misused." by Megha Verma. Assuming that it > is by its nature possible to "inject" malicious code then yes and no. > Yes, it theoretically is possible as anyone can get and change the code, > but no, if the project is fairly well maintained, i.e. no commits to the > main branch of the code repository without any review. Personally, I > have been using OSS for more than 25 years and never had the suspicion > any of the OSS I used was acting malicious. I think Megha is emphasizing, and possibly over-emphasizing, the fact that the persons who actually commit the code in free software projects can operate with little or no oversight when they are just volunteers not really accountable to anyone. Also, we do not really know what the malware/ransomware situation would be like today around the world if free/oss software were not as ubiquitous as it is today in web servers, phone operating systems like android, etc. It clearly is not a good situation now regarding malware and ransomware around the world, and it is not unreasonable to think the situation might be better if either 1) open source projects exercised more oversight than they currently do over the persons who actually write the code and release the software, or 2) free/oss software never became ubiquitous. We just cannot know without being able to do a time machine experiment and see how the software world would have developed if free/oss software had not become as ubiquitous as it is today. If there was not a serious problem of malware, identity theft, ransomware, etc., I would be more inclined to question what Megha Verma wrote, but based on what I see in how free/oss projects are governed, I am not surprised that a world that relies on so much free/oss software also suffers from so much malware, ransomware, identity theft, etc. Just because *you* have not experienced malware in the software you use does not mean that there are no cases where free/oss software is being deployed elsewhere in a stealthy way for malicious purposes. I am fairly sure I was a victim of the breach of Yahoo that affected hundreds of millions of its users. A word to the wise: be vigilant about the software you use and take note of any red flags. I know people will reply and say it is much worse with proprietary software. But we really cannot know for sure, because free/oss is so ubiquitous now it is hard to separate free/oss software from proprietary software. For example, most web browsers are based on chromium, a free oss project that comes in large part from Google, but some of the most-used browsers in the world based on chromium are proprietary, such as chrome and edge. I recommend everyone be very aware of the risks of using any software, whether it be proprietary software or free/oss software in today's world of so much malware. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
Am 12.09.22 um 19:47 schrieb Chuck Zmudzinski: "Open Source Software is accessible to all means it can be used and misused. And, that’s where it turns unconstructive for us. With OSS, we can expect harm, virus transfer, identity burglary, and many other malicious practices to hurt the process." [1] I would not go so far to say that is happening in Debian, but I have experienced the fact that not every bug that is important to my use case will be fixed quickly in Debian, even if I or other users takes the time to find the fix and share it with the Debian developers. This experience of mine with Debian as a long-time user of Debian *does* raise suspicion in my mind, and I would not be suspicious of malicious intent by Debian developers and maintainers if they were more responsive to some bugs they just ignore for months and even years. I agree my suspicion does not prove malice, but my suspicion is reasonable when there are Debian "volunteers" who do work in corporate environments where the interests of their employer might conflict with the interests of the open source software projects such as Debian that they contribute to. This is simply a risk that users of Debian software, or of any open source software, should be aware of, and users should know how to mitigate this risk of malicious activity within open source software projects like Debian. So it as a fact that if a person is just a user of Debian and not an official developer of Debian, there is no guarantee that the use case of that particular user will receive prompt attention from the official Debian developers. That is true because Debian developers are just volunteers and not liable for any problems the software they release might cause to those who use Debian software. That is a *big disadvantage* of open source software. Best regards, Chuck [1] https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413 Hi Chuck While I think that you are partly right (prioritization of bug fixing of OSS) but my experience of closed source software (even paid for) is that one usually is only the small fish in the pond and one's needs are rather put back. However, with OSS, if you cannot fix it yourself - I suppose most users cannot do - one is free to give incentives to get one's wishes done. You can call it bribery if you like or putting a bounty on a problem. I do not quite get the meaning of "Open Source Software is accessible to all means it can be used and misused." by Megha Verma. Assuming that it is by its nature possible to "inject" malicious code then yes and no. Yes, it theoretically is possible as anyone can get and change the code, but no, if the project is fairly well maintained, i.e. no commits to the main branch of the code repository without any review. Personally, I have been using OSS for more than 25 years and never had the suspicion any of the OSS I used was acting malicious. I also would like to point to the table of mentioned lady. It states that OSS is open and FREE. As far as I am informed, the latter is not mandatory. I believe Richard Stallman put it that way: OSS is free as in freedom and not as in free beer. I hardly have ever noticed OSS not being free of fees but yet it is possible. Either she did not know, or she did not notice when putting in the table. But be it as it may, I think, that the association of OSS with free beer raises the expectation that OSS maintenance is not to cost a dime, and therefore a bad association. Thus, I have begun to donate to OSS projects to give back in that way at least. Kind regards Thiemo -- Signal (Safer than WhatsApp): +49 1578 7723737 Threema (Safer than WhatsApp): A76MKH3J Handy: +49 1578 772 37 37
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 3:59 PM, err...@free.fr wrote: > Please STOP! > > you are annoying, and if you want improve free softwares, is not like this. > you will better contribute with your code or with your translations than by > writing to this mailing-list The problem is, with all due respect, that I do have my code improvements for free software, but some free software people do not want to accept my contributions but instead want to allow the free software to continue to have the bugs, and they will not explain themselves either. Why should I waste my time contributing to software projects who do not want my contributions? Treating people who want to contribute this way is not the way to gain more advocates for free software! > > I want you kicked from this list. Well, if you get me kicked off, I will be kicked off. But that is not the way to build a community of people trying to make good software. That is all I am advocating for, and I am really surprised to be treated this way on this list for advocating for improved software in Debian. I guess the trolls on here do not really want to increase the number of people working on improving Debian. But without more people, Debian cannot possibly provide quality support for 59,000 free software packages. That is just a fact, even it no one here wants to acknowledge it. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
Please STOP! you are annoying, and if you want improve free softwares, is not like this. you will better contribute with your code or with your translations than by writing to this mailing-list I want you kicked from this list.
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 2:33 PM, Michael Stone wrote: > On Tue, Sep 13, 2022 at 02:14:38PM -0400, Chuck Zmudzinski wrote: > >So do you, obviously. Someone said something that raised that question in my > >mind, > >but you deleted that part from this message, which proves you are the one > >who has > >an ax to grind by not answering the question that has been raised by the > >comments > >you and another person has been making. > > What question? You identified "rhetorical questions" that you wanted me to stop. > I saw no question. Either talk about specifics or it's > nothing but empty FUD. > > >> Either get to the point and discuss > >> what's bothering you directly or stop with the pointless rhetorical > >> questions. > >> > > > >It bothers me that there are supposed advocates of free/oss software like > >Debian > >who think that it is good for free/oss software if the persons who volunteer > >to develop and maintain free software like Debian can ignore bugs reported > >to them > >and refuse to fix them. > > Here's the thing: it's open source. If you think it's not being done > right THEN YOU DO IT DIFFERENTLY. If you don't like how some software is > being maintained, fork it and show everyone how it can be done better. Actually, someone already has shown us how to do it better. His name is Linus Torvalds. Debian and other oss projects should see and understand what he does that makes the Linux kernel a truly useful software project. Debian is successful because of the Linux kernel, not the other way around. Since you bring up forks, I have an opinion about that. Everyone have their own fork is not a sustainable model for free/oss software, IMHO. If everyone needs to have their own fork, that is because of the failure of the way free/oss projects are governed. Again this is just my opinion, but I think it is valid. There is a place for some forks when the goal of the project has a particular focus, but for a project like Debian, which currently claims to support 59000 free software packages in the stable distribution, the focus is on general purpose computing and, IMHO, it is a failure for Debian and free/oss software when a fork such as Devuan happens. The Devuan fork proved how ridiculous it is for Debian to claim to be able to support 59000 software packages in its stable distribution, which is currently what the "Reasons to use Debian" page on debian.org claims. I think that if Debian really wants to provide *high quality* support for each and every one of the 59000 software packages in its repositories, it should look at the Devuan fork and try to understand what it could have done to prevent it from happening. All those people working on Devuan could still be working on Debian. I don't understand why it was good for that fork to happen. Just my opinion, FWIW. > > It's unreasonable to just sit on the sidelines and make vague > accusations. The ax you want to grind seems to involve one specific > issue. The issue is the survival of free/oss software - it will not survive if the idea that those who develop and maintain free/oss software don't have to respond to the bugs that are reported to them prevails. No one will use it if the people who create it are free to let the problems that inevitably arise go without fixing them. > Tell us what it is, then everyone can decide for themselves > whether you have a point, whether it can/should be addressed, or whether > you're just mad that you can't make someone else do what you want. I think I have clarified what the issue is sufficiently. I am not mad that I cannot make someone else do what I want. I would just be sad if free/oss software dies out because it was taken over by people who refused to acknowledge the simple idea that it is bad for free/oss software if those who develop and maintain the software are free to not fix the bugs that users report to them. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, Sep 13, 2022 at 02:14:38PM -0400, Chuck Zmudzinski wrote: So do you, obviously. Someone said something that raised that question in my mind, but you deleted that part from this message, which proves you are the one who has an ax to grind by not answering the question that has been raised by the comments you and another person has been making. What question? I saw no question. Either talk about specifics or it's nothing but empty FUD. Either get to the point and discuss what's bothering you directly or stop with the pointless rhetorical questions. It bothers me that there are supposed advocates of free/oss software like Debian who think that it is good for free/oss software if the persons who volunteer to develop and maintain free software like Debian can ignore bugs reported to them and refuse to fix them. Here's the thing: it's open source. If you think it's not being done right THEN YOU DO IT DIFFERENTLY. If you don't like how some software is being maintained, fork it and show everyone how it can be done better. It's unreasonable to just sit on the sidelines and make vague accusations. The ax you want to grind seems to involve one specific issue. Tell us what it is, then everyone can decide for themselves whether you have a point, whether it can/should be addressed, or whether you're just mad that you can't make someone else do what you want.
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 2:02 PM, Michael Stone wrote: > On Tue, Sep 13, 2022 at 12:42:12PM -0400, Chuck Zmudzinski wrote: > >Software projects today, IIUC, are communities. The "volunteers" should do > >what the community > >wants, not necessarily what you or I want. Do you think the free/oss > >software community wants > >volunteers who ignore bugs or refuse to fix bugs in free/oss software? If > >they do ignore a > >bug or refuse to fix a bug with a known fix, don't they owe an explanation > >to the community? > >If not, why not? > > You seem to have an ax to grind. So do you, obviously. Someone said something that raised that question in my mind, but you deleted that part from this message, which proves you are the one who has an ax to grind by not answering the question that has been raised by the comments you and another person has been making. > Either get to the point and discuss > what's bothering you directly or stop with the pointless rhetorical > questions. > It bothers me that there are supposed advocates of free/oss software like Debian who think that it is good for free/oss software if the persons who volunteer to develop and maintain free software like Debian can ignore bugs reported to them and refuse to fix them. If you think that is good for free/oss software, I disagree with you. Fortunately, you are just one person, and I doubt the Debian community or any other free software community wants the persons who develop and maintain the software to ignore and/or refuse to fix the bugs reported to them. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, Sep 13, 2022 at 12:42:12PM -0400, Chuck Zmudzinski wrote: Software projects today, IIUC, are communities. The "volunteers" should do what the community wants, not necessarily what you or I want. Do you think the free/oss software community wants volunteers who ignore bugs or refuse to fix bugs in free/oss software? If they do ignore a bug or refuse to fix a bug with a known fix, don't they owe an explanation to the community? If not, why not? You seem to have an ax to grind. Either get to the point and discuss what's bothering you directly or stop with the pointless rhetorical questions.
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, 13 Sep 2022, Chuck Zmudzinski wrote: I agree with that. But the price-performance ratio could be even better if the "volunteers" in free/oss software projects were not free to ignore bugs reported to them. Pretty much everything worked for this grub bug other than some unfortunate setting of priorities. The bug wasn't around long enough that you can assume it was being ignored. Yes, I agree there's some annoyance when volunteers ignore bugs that have patches, there's one in ucf that has caused me no end of grief but it's pretty easy to rebuild with patches and patches are easy to find. There was that recent bash + ssh bug that I got lots of help with here a few weeks ago. I have a patched bash - it would be nice not to have to keep that but it's not a big deal. I've been just as guilty the other way. I found a minor bug in dump but it took me ages (probably years) to bother report it and then it was fixed in a few days. Possibly I was the only person to encounter it and when I couldn't fix it in five minutes I just put up with it and did nothing.
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 12:36 PM, to...@tuxteam.de wrote: > On Tue, Sep 13, 2022 at 12:25:40PM -0400, Chuck Zmudzinski wrote: > > [...] > > > I agree with that. But the price-performance ratio could be even better if > > the "volunteers" > > in free/oss software projects were not free to ignore bugs reported to them. > > Hm. I doubt that. Perhaps they will do more what *you* want, Software projects today, IIUC, are communities. The "volunteers" should do what the community wants, not necessarily what you or I want. Do you think the free/oss software community wants volunteers who ignore bugs or refuse to fix bugs in free/oss software? If they do ignore a bug or refuse to fix a bug with a known fix, don't they owe an explanation to the community? If not, why not?
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, Sep 13, 2022 at 12:25:40PM -0400, Chuck Zmudzinski wrote: [...] > I agree with that. But the price-performance ratio could be even better if > the "volunteers" > in free/oss software projects were not free to ignore bugs reported to them. Hm. I doubt that. Perhaps they will do more what *you* want, but if they are free to do what they want, the software's quality is higher? Cheers -- t signature.asc Description: PGP signature
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 11:53 AM, Michael Stone wrote: > On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote: > >On 9/13/2022 12:36 AM, to...@tuxteam.de wrote: > >> On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote: > >> > >> > [...] "I can't get personalized/dedicated support with enforceable > >> > SLAs for free" > > > >If the requirement that maintainers and developers of free/oss software must > >actually > >fix the bugs reported to them is not enforced, then free/oss software *is* > >vulnerable to > >all kinds of malicious activity by the "volunteers" who create the free/oss > >software. > > Enforced by whom? How? The users. They stop using software or any product that does not work well or is more trouble than it is worth. Then the entity, whether a free/oss or proprietary provider ends up shutting down the enterprise. > You do realize that nobody enforces that on > proprietary software either, right? The users do, in the marketplace - and what is not used by enough users eventually disappears. > THIS IS NOT A CHARACTERISTIC THAT > DISTINGUISHES OPEN SOURCE AND CLOSED SOURCE SOFTWARE. Given that, > continuing this discussion seems silly. (Especially since it appears > that you'll simply to repeat your original assertion, mistaken though it > is, without even trying to address to the points that others have made.) > I think it is true that the "best" software development model depends less on free/oss vs. proprietary and more on the wisdom, foresight, integrity, and technical expertise of those doing the work and making the important decisions. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 11:44 AM, to...@tuxteam.de wrote: > On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote: > > On 9/13/2022 12:36 AM, to...@tuxteam.de wrote: > > > On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote: > > > > > > > [...] "I can't get personalized/dedicated support with enforceable > > > > SLAs for free" > > > > If the requirement that maintainers and developers of free/oss software > > must actually > > fix the bugs reported to them is not enforced, then free/oss software *is* > > vulnerable to > > all kinds of malicious activity by the "volunteers" who create the free/oss > > software. > > > > > > > > Had I a printer, I'd print out this, frame it and hang it on the > > > wall. This makes the point very nicely :-) > > > > > > Cheers > > > > Yes, it is true, no one should use Debian or any software maintained by > > totally > > unaccountable "volunteers" for any mission-critical purpose without also > > hiring > > someone with the time and expertise to do what is necessary to make such > > software > > secure and bug-free for the intended purpose of the software. That is, users > > must *not trust* the volunteers who maintain and develop Debian software to > > act in > > the interest of the user [...] > > But how is that different from commercial software? Not that much different. I like the fact that we have free/oss software now so we can see which "volunteers" who sometimes work for big corporations choose to ignore bugs reported to them. I won't trust those "volunteers" nor will I trust the companies they work for, nor will I trust the software and hardware those companies release into the marketplace. I also think it is better for free/oss projects to enforce some minimum level of effort on the "volunteers" who maintain and develop the software to reduce the chances that the "volunteers" can get away with abusing their position as "volunteers" who have the power to upload official software to the free/oss projects' download servers. > The commercial entity > is bound to the shareholders and to the paying customers -- based on how > much they pay for. If you, as a customer, are shelling out a significant > amount of money, you can as well pay a dedicated person to keep your > free software in shape. Probably the price-performance ratio will be > better. I agree with that. But the price-performance ratio could be even better if the "volunteers" in free/oss software projects were not free to ignore bugs reported to them. Cheers
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote: On 9/13/2022 12:36 AM, to...@tuxteam.de wrote: On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote: > [...] "I can't get personalized/dedicated support with enforceable > SLAs for free" If the requirement that maintainers and developers of free/oss software must actually fix the bugs reported to them is not enforced, then free/oss software *is* vulnerable to all kinds of malicious activity by the "volunteers" who create the free/oss software. Enforced by whom? How? You do realize that nobody enforces that on proprietary software either, right? THIS IS NOT A CHARACTERISTIC THAT DISTINGUISHES OPEN SOURCE AND CLOSED SOURCE SOFTWARE. Given that, continuing this discussion seems silly. (Especially since it appears that you'll simply to repeat your original assertion, mistaken though it is, without even trying to address to the points that others have made.)
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote: > On 9/13/2022 12:36 AM, to...@tuxteam.de wrote: > > On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote: > > > > > [...] "I can't get personalized/dedicated support with enforceable > > > SLAs for free" > > If the requirement that maintainers and developers of free/oss software must > actually > fix the bugs reported to them is not enforced, then free/oss software *is* > vulnerable to > all kinds of malicious activity by the "volunteers" who create the free/oss > software. > > > > > Had I a printer, I'd print out this, frame it and hang it on the > > wall. This makes the point very nicely :-) > > > > Cheers > > Yes, it is true, no one should use Debian or any software maintained by > totally > unaccountable "volunteers" for any mission-critical purpose without also > hiring > someone with the time and expertise to do what is necessary to make such > software > secure and bug-free for the intended purpose of the software. That is, users > must *not trust* the volunteers who maintain and develop Debian software to > act in > the interest of the user [...] But how is that different from commercial software? The commercial entity is bound to the shareholders and to the paying customers -- based on how much they pay for. If you, as a customer, are shelling out a significant amount of money, you can as well pay a dedicated person to keep your free software in shape. Probably the price-performance ratio will be better. Cheers -- t signature.asc Description: PGP signature
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/13/2022 12:36 AM, to...@tuxteam.de wrote: > On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote: > > > [...] "I can't get personalized/dedicated support with enforceable > > SLAs for free" If the requirement that maintainers and developers of free/oss software must actually fix the bugs reported to them is not enforced, then free/oss software *is* vulnerable to all kinds of malicious activity by the "volunteers" who create the free/oss software. > > Had I a printer, I'd print out this, frame it and hang it on the > wall. This makes the point very nicely :-) > > Cheers Yes, it is true, no one should use Debian or any software maintained by totally unaccountable "volunteers" for any mission-critical purpose without also hiring someone with the time and expertise to do what is necessary to make such software secure and bug-free for the intended purpose of the software. That is, users must *not trust* the volunteers who maintain and develop Debian software to act in the interest of the user. These "volunteers" obviously have other, possibly malicious, interests if they prove themselves unwilling to apply fixes to bugs that are reported to them. Thanks for clarifying that fact. Best regards
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote: > [...] "I can't get personalized/dedicated support with enforceable > SLAs for free" Had I a printer, I'd print out this, frame it and hang it on the wall. This makes the point very nicely :-) Cheers -- t signature.asc Description: PGP signature
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/12/22 3:32 PM, Michael Stone wrote: > On Mon, Sep 12, 2022 at 01:47:49PM -0400, Chuck Zmudzinski wrote: > >Well, I suppose so, but I am pleased that a grub maintainer is now on the > >case. Still, > >there is another Debian bug that affects me that continues to be ignored, so > >I admit > >I have an attitude about that. I accept that what is of grave or important > >severity to > >me is not necessarily of grave or critical severity to the official Debian > >maintainers > >and developers. I wish to merely point out that what is often said about the > >advantages > >and disadvantages of free, open-source software that is maintained by > >volunteers is > >true: > > No, it's a misguided conclusion that isn't supported by facts. I can > think of any number of bugs in closed source software that aren't fixed. > The only real difference is this: with open source software you might > actually be told "I'm not going to prioritize this because I'm a > volunteer and prefer to do something else", while with propietary > software the discussion that concludes "this customer isn't important > enough to require a change in the priority of the request" isn't going > to be public and all you'll ever be told is that the request is being > reviewed or somesuch. > > There is an exception that proves the rule, however: if you're a large > enough customer, paying enough money, you may well get a team of people > dedicated to implementing whatever you ask for. But here's the > thing--you can get the same level of service for open source software, > if you're willing to pay for it. (Not directly from debian, but there > are consultants/etc that will provide such services.) Your complaint > really boils down to "I can't get personalized/dedicated support with > enforceable SLAs for free", which is just as true for proprietary > software as it is for open source software. > I actually agree free/oss is better - if I was a big paying customer (I am not), I would pay for a free/oss solution instead of a proprietary solution because the entire development of the solution would be in the open which would make it more difficult for the persons implementing the solution to do anything malicious behind closed doors. Still, I think it is obvious that the success of free/oss projects depends very much on whether or not the persons who volunteer as developers and maintainers actually respond to and fix bugs. Also, if the persons who volunteer as developers and maintainers can ignore bug reports without any consequences from the community, then the possibility for free/oss software to fully realize the advantages of the free/oss software development model over the proprietary model is undermined. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Mon, Sep 12, 2022 at 01:47:49PM -0400, Chuck Zmudzinski wrote: Well, I suppose so, but I am pleased that a grub maintainer is now on the case. Still, there is another Debian bug that affects me that continues to be ignored, so I admit I have an attitude about that. I accept that what is of grave or important severity to me is not necessarily of grave or critical severity to the official Debian maintainers and developers. I wish to merely point out that what is often said about the advantages and disadvantages of free, open-source software that is maintained by volunteers is true: No, it's a misguided conclusion that isn't supported by facts. I can think of any number of bugs in closed source software that aren't fixed. The only real difference is this: with open source software you might actually be told "I'm not going to prioritize this because I'm a volunteer and prefer to do something else", while with propietary software the discussion that concludes "this customer isn't important enough to require a change in the priority of the request" isn't going to be public and all you'll ever be told is that the request is being reviewed or somesuch. There is an exception that proves the rule, however: if you're a large enough customer, paying enough money, you may well get a team of people dedicated to implementing whatever you ask for. But here's the thing--you can get the same level of service for open source software, if you're willing to pay for it. (Not directly from debian, but there are consultants/etc that will provide such services.) Your complaint really boils down to "I can't get personalized/dedicated support with enforceable SLAs for free", which is just as true for proprietary software as it is for open source software.
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 2022-09-12 at 14:50, Chuck Zmudzinski wrote: > On 9/12/2022 1:58 PM, The Wanderer wrote: > >> On 2022-09-12 at 13:47, Chuck Zmudzinski wrote: >>> I wish to merely point out that what is often said about the >>> advantages and disadvantages of free, open-source software that >>> is maintained by volunteers is true: >>> >>> An advantage is that the user has full access to the source code >>> and is free to fix problems if the official releases have >>> unpatched bugs but this of course costs time and resources >>> devoted to solving problems that are not fixed promptly in the >>> official release. A disadvantage is that often the priorities of >>> the developers who release free, open source software are not >>> always the same as the priorities of any particular user, so >>> there is no guarantee that the developers of free, open source >>> software will ever get around to fixing a problem that might be >>> causing trouble for some subset of users of the software who very >>> often just stop using the free, open source software and return >>> to proprietary software that just works for them without a big >>> hassle or effort to keep it working well and securely. >> >> I am inclined to dispute one aspect of this characterization. >> >> That which you cite here as a disadvantage is only a disadvantage >> (relative to proprietary software) if the proprietary software >> does, as you say, "just work for them". >> >> It is equally possible (if not more) to find that a given piece of >> proprietary software does not meet your needs (because the >> priorities of its developers, or at least the people who pay them, >> do not match your priorities). >> >> If that happens, you don't even have the option of falling back to >> hack the source and run your own version; you're effectively stuck. >> As I understand matters, that is in fact the reason Free Software >> was invented in the first place. >> >> With access to the source and appropriate license guaranteeing you >> the right to modify it (et cetera), if the priorities of the >> developers don't match yours you do at least have the possibility >> of going in and fixing it yourself - whether as a patch to go >> upstream, or a public fork, or even just a local fork. With >> proprietary software, you don't have that option. >> >> As such, not only is this not a disadvantage unique to Free >> Software, it's a disadvantage that exists even *worse* with >> proprietary software. > > I agree OSS that works well is much better than proprietary software, > because it makes a software solution that works well accessible to > all the users. That's not the argument I was making, though. The argument I was making is that when OSS software (or at least Free Software - FLOSS, if you want an acronym) doesn't work well, you have the option to fix it, whereas when proprietary software doesn't work well, you don't have that option. > The disadvantage is that in practice, OSS does not always work as > well and is sometimes more buggy than proprietary software And sometimes the reverse is true. Or sometimes *both* don't work well. Or sometimes both *do* work well. Disadvantage is *relative*; one thing can be at an advantage or disadvantage over another. The things you're citing as disadvantages of OSS software are not unique or exclusive to OSS software; they can happen just as easily and as well with proprietary software. As such, they are not a disadvantage of OSS vs. proprietary software; advantages or disadvantages can only manifest in *differences*. > when, for example, the developers and maintainers are unwilling or > unable to fix bugs or add features and the users do not have the > ability to fix the problems or convince the developers to fix the > problems, That happens at least as much with proprietary software. At least with FLOSS software, you're more likely to have the ability to contact the developers at all, and the developers are less likely to be subject to restraints that would prohibit them from making a particular change even if they wanted to. The rest of your response is getting into fields I'm not interested in trying to address at present; my focus in my reply was entirely on the point of whether or not the things you're alleging are actually a disadvantage for FLOSS as compared against proprietary software, and the rest of your points don't seem to address that focus. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/12/2022 1:58 PM, The Wanderer wrote: > On 2022-09-12 at 13:47, Chuck Zmudzinski wrote: > > > On 9/12/2022 12:14 PM, David Wright wrote: > > > >> On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote: > > >>> The grub maintainers do not have the time or interest to fix it. > >>> Perhaps the Xen users could try to convince the Xen maintainers > >>> to do an nmu to fix it if the grub maintainers continue to ignore > >>> the bug, but I don't know if that breaks the etiquette that > >>> governs such things in the world of Debian developers - I am just > >>> a Debian user. > >> > >> There seems to be some attitude here. > > > > Well, I suppose so, but I am pleased that a grub maintainer is now on > > the case. Still, there is another Debian bug that affects me that > > continues to be ignored, so I admit I have an attitude about that. I > > accept that what is of grave or important severity to me is not > > necessarily of grave or critical severity to the official Debian > > maintainers and developers. I wish to merely point out that what is > > often said about the advantages and disadvantages of free, > > open-source software that is maintained by volunteers is true: > > > > An advantage is that the user has full access to the source code and > > is free to fix problems if the official releases have unpatched bugs > > but this of course costs time and resources devoted to solving > > problems that are not fixed promptly in the official release. A > > disadvantage is that often the priorities of the developers who > > release free, open source software are not always the same as the > > priorities of any particular user, so there is no guarantee that the > > developers of free, open source software will ever get around to > > fixing a problem that might be causing trouble for some subset of > > users of the software who very often just stop using the free, open > > source software and return to proprietary software that just works > > for them without a big hassle or effort to keep it working well and > > securely. > > I am inclined to dispute one aspect of this characterization. > > That which you cite here as a disadvantage is only a disadvantage > (relative to proprietary software) if the proprietary software does, as > you say, "just work for them". > > It is equally possible (if not more) to find that a given piece of > proprietary software does not meet your needs (because the priorities of > its developers, or at least the people who pay them, do not match your > priorities). > > If that happens, you don't even have the option of falling back to hack > the source and run your own version; you're effectively stuck. As I > understand matters, that is in fact the reason Free Software was > invented in the first place. > > With access to the source and appropriate license guaranteeing you the > right to modify it (et cetera), if the priorities of the developers > don't match yours you do at least have the possibility of going in and > fixing it yourself - whether as a patch to go upstream, or a public > fork, or even just a local fork. With proprietary software, you don't > have that option. > > As such, not only is this not a disadvantage unique to Free Software, > it's a disadvantage that exists even *worse* with proprietary software. > I agree OSS that works well is much better than proprietary software, because it makes a software solution that works well accessible to all the users. The disadvantage is that in practice, OSS does not always work as well and is sometimes more buggy than proprietary software when, for example, the developers and maintainers are unwilling or unable to fix bugs or add features and the users do not have the ability to fix the problems or convince the developers to fix the problems, and it is especially a problem when the only reason the OSS supporters give for not fixing problems is: "we are just volunteers." Really good, secure software is not going to come from volunteers who are never required to at least explain why they fail to fix bugs that have a known fix but remain open for an unreasonably long time due to the lack of attention to the bug by the developers and maintainers. Unfortunately, this does happen in Debian, and as long as defenders of OSS continue to say, "they are just volunteers," there will always be a risk that the "volunteers" will be able to sabotage the real goals of OSS software. In the end, though, OSS is probably best because those who do sabotage OSS software eventually get caught precisely because the process of developing OSS is also open so the malice is eventually discovered by the community and the malicious actors are removed from positions where they can cause harm. Best regards, Chuck
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On Mon, Sep 12, 2022 at 01:47:49PM -0400, Chuck Zmudzinski wrote: [...] > [...] A disadvantage is that often the priorities of the developers who > release > free, open source software are not always the same as the priorities of any > particular > user [...] This might have been different back when the user used to be the paying customer. That ship has sailed long ago. Even back then, attention was optimized towards the "biggest subset". > Megha Verma of medium.com goes so far to say a disadvantage of OSS is that > free > open source software can be misused for malicious purposes, but it would be > hard > to prove what she says is true, but her point is that the way open source > projects > are governed lends itself to possible abuse. This is how she explains it: > > "Open Source Software is accessible to all means it can be used and misused. > And, that’s where it turns unconstructive for us. With OSS, we can expect > harm, > virus transfer, identity burglary, and many other malicious practices to hurt > the > process." [1] Aha. That's why the most virus-ridden operating system out there is "open source". Oh, wait... This is naive. No. Such simplistic views are just wrong. I'm not saying free software is immune against malware. Not by a long shot. There are strengths and weaknesses -- in my eyes, the biggest strength of free software (I much prefer this spelling to the other, mind you) is the higher average level of proficiency among their users, something free software fosters by its very model. Cheers -- t signature.asc Description: PGP signature
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 2022-09-12 at 13:47, Chuck Zmudzinski wrote: > On 9/12/2022 12:14 PM, David Wright wrote: > >> On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote: >>> The grub maintainers do not have the time or interest to fix it. >>> Perhaps the Xen users could try to convince the Xen maintainers >>> to do an nmu to fix it if the grub maintainers continue to ignore >>> the bug, but I don't know if that breaks the etiquette that >>> governs such things in the world of Debian developers - I am just >>> a Debian user. >> >> There seems to be some attitude here. > > Well, I suppose so, but I am pleased that a grub maintainer is now on > the case. Still, there is another Debian bug that affects me that > continues to be ignored, so I admit I have an attitude about that. I > accept that what is of grave or important severity to me is not > necessarily of grave or critical severity to the official Debian > maintainers and developers. I wish to merely point out that what is > often said about the advantages and disadvantages of free, > open-source software that is maintained by volunteers is true: > > An advantage is that the user has full access to the source code and > is free to fix problems if the official releases have unpatched bugs > but this of course costs time and resources devoted to solving > problems that are not fixed promptly in the official release. A > disadvantage is that often the priorities of the developers who > release free, open source software are not always the same as the > priorities of any particular user, so there is no guarantee that the > developers of free, open source software will ever get around to > fixing a problem that might be causing trouble for some subset of > users of the software who very often just stop using the free, open > source software and return to proprietary software that just works > for them without a big hassle or effort to keep it working well and > securely. I am inclined to dispute one aspect of this characterization. That which you cite here as a disadvantage is only a disadvantage (relative to proprietary software) if the proprietary software does, as you say, "just work for them". It is equally possible (if not more) to find that a given piece of proprietary software does not meet your needs (because the priorities of its developers, or at least the people who pay them, do not match your priorities). If that happens, you don't even have the option of falling back to hack the source and run your own version; you're effectively stuck. As I understand matters, that is in fact the reason Free Software was invented in the first place. With access to the source and appropriate license guaranteeing you the right to modify it (et cetera), if the priorities of the developers don't match yours you do at least have the possibility of going in and fixing it yourself - whether as a patch to go upstream, or a public fork, or even just a local fork. With proprietary software, you don't have that option. As such, not only is this not a disadvantage unique to Free Software, it's a disadvantage that exists even *worse* with proprietary software. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)
On 9/12/2022 12:14 PM, David Wright wrote: > On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote: > > On 9/12/2022 12:55 AM, David Wright wrote: > > > > > > I would imagine a fix could follow quite quickly as it only requires > > > rebuilding with a filename added to a list of files not to have > > > their symbols stripped (or reverting the compatibility level change). > > > > The patch to fix the bug with the dh_strip override was identified six days > > ago > > in the bug report by a user, yet AFAICT the grub maintainers have not even > > acknowledged the existence of this bug yet to those who have contributed > > to the bug report on BTS. So I do not expect a fix very soon. > > I don't see why: I see Steve's post from several hours ago. Sorry, I missed that, Steve is a grub maintainer and now he is looking at the bug, and that is a good and encouraging fact. > > > The grub maintainers > > do not have the time or interest to fix it. Perhaps the Xen users could try > > to > > convince the Xen maintainers to do an nmu to fix it if the grub maintainers > > continue to ignore the bug, but I don't know if that breaks the etiquette > > that > > governs such things in the world of Debian developers - I am just a Debian > > user. > > There seems to be some attitude here. Well, I suppose so, but I am pleased that a grub maintainer is now on the case. Still, there is another Debian bug that affects me that continues to be ignored, so I admit I have an attitude about that. I accept that what is of grave or important severity to me is not necessarily of grave or critical severity to the official Debian maintainers and developers. I wish to merely point out that what is often said about the advantages and disadvantages of free, open-source software that is maintained by volunteers is true: An advantage is that the user has full access to the source code and is free to fix problems if the official releases have unpatched bugs but this of course costs time and resources devoted to solving problems that are not fixed promptly in the official release. A disadvantage is that often the priorities of the developers who release free, open source software are not always the same as the priorities of any particular user, so there is no guarantee that the developers of free, open source software will ever get around to fixing a problem that might be causing trouble for some subset of users of the software who very often just stop using the free, open source software and return to proprietary software that just works for them without a big hassle or effort to keep it working well and securely. Megha Verma of medium.com goes so far to say a disadvantage of OSS is that free open source software can be misused for malicious purposes, but it would be hard to prove what she says is true, but her point is that the way open source projects are governed lends itself to possible abuse. This is how she explains it: "Open Source Software is accessible to all means it can be used and misused. And, that’s where it turns unconstructive for us. With OSS, we can expect harm, virus transfer, identity burglary, and many other malicious practices to hurt the process." [1] I would not go so far to say that is happening in Debian, but I have experienced the fact that not every bug that is important to my use case will be fixed quickly in Debian, even if I or other users takes the time to find the fix and share it with the Debian developers. This experience of mine with Debian as a long-time user of Debian *does* raise suspicion in my mind, and I would not be suspicious of malicious intent by Debian developers and maintainers if they were more responsive to some bugs they just ignore for months and even years. I agree my suspicion does not prove malice, but my suspicion is reasonable when there are Debian "volunteers" who do work in corporate environments where the interests of their employer might conflict with the interests of the open source software projects such as Debian that they contribute to. This is simply a risk that users of Debian software, or of any open source software, should be aware of, and users should know how to mitigate this risk of malicious activity within open source software projects like Debian. So it as a fact that if a person is just a user of Debian and not an official developer of Debian, there is no guarantee that the use case of that particular user will receive prompt attention from the official Debian developers. That is true because Debian developers are just volunteers and not liable for any problems the software they release might cause to those who use Debian software. That is a *big disadvantage* of open source software. Best regards, Chuck [1] https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413
Re: Package grub-xen-host breaks PV domains with 11.5 point release
On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote: > On 9/12/2022 12:55 AM, David Wright wrote: > > On Mon 12 Sep 2022 at 01:15:47 (+0200), Tom Lew wrote: > > > This is my first post, bear with me.. > > > > > > Package "grub-xen-host" shipped with point release 11.5 broke all PV > > > domains on my Xen server, after "apt upgrade" from 11.4. > > > > > > I found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017944 > > > exactly mirroring my situation, and I wonder whether this can be fixed > > > for other users in any (fast) way, upfront other users doing apt > > > upgrade on their Xen hosts? > > > > > > My workaround for this ATM: install and pin previous grub-xen-host > > > (grub-xen-host_2.04-20_amd64.deb, grub-xen-bin_2.04-20_amd64.deb, > > > grub-common_2.04-20_amd64.deb). Probably the wrong way to fix it, but > > > works for me so far(TM). > > > > > > In case this should be reported or added to something somewhere, > > > please let me (a Debian bug reporting newbie) know. > > > > I would imagine a fix could follow quite quickly as it only requires > > rebuilding with a filename added to a list of files not to have > > their symbols stripped (or reverting the compatibility level change). > > The patch to fix the bug with the dh_strip override was identified six days > ago > in the bug report by a user, yet AFAICT the grub maintainers have not even > acknowledged the existence of this bug yet to those who have contributed > to the bug report on BTS. So I do not expect a fix very soon. I don't see why: I see Steve's post from several hours ago. > The grub maintainers > do not have the time or interest to fix it. Perhaps the Xen users could try to > convince the Xen maintainers to do an nmu to fix it if the grub maintainers > continue to ignore the bug, but I don't know if that breaks the etiquette that > governs such things in the world of Debian developers - I am just a Debian > user. There seems to be some attitude here. > > AFAICT apt-listbugs would have reported this to you before > > the upgrade of grub-xen-host took place, as someone had reported > > it on 22 Aug. So it might be worth installing apt-listbugs. Cheers, David.
Re: Package grub-xen-host breaks PV domains with 11.5 point release
On 9/12/2022 12:55 AM, David Wright wrote: > On Mon 12 Sep 2022 at 01:15:47 (+0200), Tom Lew wrote: > > This is my first post, bear with me.. > > > > Package "grub-xen-host" shipped with point release 11.5 broke all PV > > domains on my Xen server, after "apt upgrade" from 11.4. > > > > I found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017944 > > exactly mirroring my situation, and I wonder whether this can be fixed > > for other users in any (fast) way, upfront other users doing apt > > upgrade on their Xen hosts? > > > > My workaround for this ATM: install and pin previous grub-xen-host > > (grub-xen-host_2.04-20_amd64.deb, grub-xen-bin_2.04-20_amd64.deb, > > grub-common_2.04-20_amd64.deb). Probably the wrong way to fix it, but > > works for me so far(TM). > > > > In case this should be reported or added to something somewhere, > > please let me (a Debian bug reporting newbie) know. > > I would imagine a fix could follow quite quickly as it only requires > rebuilding with a filename added to a list of files not to have > their symbols stripped (or reverting the compatibility level change). The patch to fix the bug with the dh_strip override was identified six days ago in the bug report by a user, yet AFAICT the grub maintainers have not even acknowledged the existence of this bug yet to those who have contributed to the bug report on BTS. So I do not expect a fix very soon. The grub maintainers do not have the time or interest to fix it. Perhaps the Xen users could try to convince the Xen maintainers to do an nmu to fix it if the grub maintainers continue to ignore the bug, but I don't know if that breaks the etiquette that governs such things in the world of Debian developers - I am just a Debian user. Best regards, Chuck > > AFAICT apt-listbugs would have reported this to you before > the upgrade of grub-xen-host took place, as someone had reported > it on 22 Aug. So it might be worth installing apt-listbugs. > > Cheers, > David. >
Re: Package grub-xen-host breaks PV domains with 11.5 point release
On Mon 12 Sep 2022 at 01:15:47 (+0200), Tom Lew wrote: > This is my first post, bear with me.. > > Package "grub-xen-host" shipped with point release 11.5 broke all PV > domains on my Xen server, after "apt upgrade" from 11.4. > > I found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017944 > exactly mirroring my situation, and I wonder whether this can be fixed > for other users in any (fast) way, upfront other users doing apt > upgrade on their Xen hosts? > > My workaround for this ATM: install and pin previous grub-xen-host > (grub-xen-host_2.04-20_amd64.deb, grub-xen-bin_2.04-20_amd64.deb, > grub-common_2.04-20_amd64.deb). Probably the wrong way to fix it, but > works for me so far(TM). > > In case this should be reported or added to something somewhere, > please let me (a Debian bug reporting newbie) know. I would imagine a fix could follow quite quickly as it only requires rebuilding with a filename added to a list of files not to have their symbols stripped (or reverting the compatibility level change). AFAICT apt-listbugs would have reported this to you before the upgrade of grub-xen-host took place, as someone had reported it on 22 Aug. So it might be worth installing apt-listbugs. Cheers, David.
Re: Package grub-xen-host breaks PV domains with 11.5 point release
On Mon, 12 Sep 2022, Tom Lew wrote: This is my first post, bear with me.. Package "grub-xen-host" shipped with point release 11.5 broke all PV domains on my Xen server, after "apt upgrade" from 11.4. I found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017944 exactly mirroring my situation, and I wonder whether this can be fixed for other users in any (fast) way, upfront other users doing apt upgrade on their Xen hosts? My workaround for this ATM: install and pin previous grub-xen-host (grub-xen-host_2.04-20_amd64.deb, grub-xen-bin_2.04-20_amd64.deb, grub-common_2.04-20_amd64.deb). Probably the wrong way to fix it, but works for me so far(TM). In case this should be reported or added to something somewhere, please let me (a Debian bug reporting newbie) know. Snap. See "Should a serious bug have made in into bullseye 11.5?"
Package grub-xen-host breaks PV domains with 11.5 point release
This is my first post, bear with me.. Package "grub-xen-host" shipped with point release 11.5 broke all PV domains on my Xen server, after "apt upgrade" from 11.4. I found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017944 exactly mirroring my situation, and I wonder whether this can be fixed for other users in any (fast) way, upfront other users doing apt upgrade on their Xen hosts? My workaround for this ATM: install and pin previous grub-xen-host (grub-xen-host_2.04-20_amd64.deb, grub-xen-bin_2.04-20_amd64.deb, grub-common_2.04-20_amd64.deb). Probably the wrong way to fix it, but works for me so far(TM). In case this should be reported or added to something somewhere, please let me (a Debian bug reporting newbie) know. Thanks Tom