subject:"Package grub\-xen\-host breaks PV domains with 11.5 point release"

On 9/14/2022 11:01 PM, Maude Summerside wrote:
>
> On 2022-09-14 21:45, Michael Stone wrote:
> > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
> >> I'll be brutally honest: being accused of "possibly malicious"
> >> unwilligness is *not* a great way to convince overstretched volunteers
> >> to spend their time on issues.
> > 
> > Especially when it's an ongoing pattern of discourse.
> > 
>
> I think there's many barrier that discourage people from wanting to
> contribute to many project. I feel some developer use the community as
> unpaid beta tester but don't go further into accepting contribution.
>
> For sure, having managed some project, I have to say that it's hard to
> accept contribution that will add new functions to as software when
> these come from a unknown contributor. Not because of being scared of
> malicious intent (unless the person is really paranoid but that's
> another story). Simply because adding a new function means having to
> support it's ongoing development and there's no guarantee that the
> contributor will do so. Same goes on for code contributed that needs
> refactoring, that are badly documented, etc. But all this need some good
> social behavior from the project owner/manager.

As a user of the Debian software and a user of the BTS, I am discouraged not
because new contributions or functions are being rejected, but because bugs
are not being fixed. Those are two very different things. Maybe it's just too 
hard
for volunteers to fix the bugs and make Debian better, and maybe we need to
pay the volunteers so they are not volunteers anymore and will be motivated
to actually fix the Debian software. The fact that Debian is created by 
volunteers
is probably one of the really big disadvantages of Debian software.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Maude Summerside

On 2022-09-14 21:45, Michael Stone wrote:
> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
>> I'll be brutally honest: being accused of "possibly malicious"
>> unwilligness is *not* a great way to convince overstretched volunteers
>> to spend their time on issues.
> 
> Especially when it's an ongoing pattern of discourse.
> 

I think there's many barrier that discourage people from wanting to
contribute to many project. I feel some developer use the community as
unpaid beta tester but don't go further into accepting contribution.

For sure, having managed some project, I have to say that it's hard to
accept contribution that will add new functions to as software when
these come from a unknown contributor. Not because of being scared of
malicious intent (unless the person is really paranoid but that's
another story). Simply because adding a new function means having to
support it's ongoing development and there's no guarantee that the
contributor will do so. Same goes on for code contributed that needs
refactoring, that are badly documented, etc. But all this need some good
social behavior from the project owner/manager.

There's people who just think "I've done something free if people are
happy they use it, if they ain't they continue their journey". Those
don't accept criticism. But that's all part of the human behavior.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/22 6:16 PM, Steve McIntyre wrote:
> Stefan wrote:
> In article  you 
> write:
> >> the interest of the user. These "volunteers" obviously have other,
> >> possibly malicious, interests if they prove themselves unwilling to
> >> apply fixes to bugs that are reported to them.
> >
> >I think there's a confusion here: these volunteers will also have
> >"other, possibly malicious, interests" even if they are willing/eager
> >to apply fixes to bugs that are reported to them.
> >
> >Same goes for people you pay, so it's not specific to volunteers.
> >And of course it's also not specific to a particular kind of license.
>
> Thanks Stefan, it's great to see that some people understand the
> issues.
>
> I'll be brutally honest: being accused of "possibly malicious"
> unwilligness is *not* a great way to convince overstretched volunteers
> to spend their time on issues.
>

Thank you Steve, for the work you do as maintaining the grub software
packages on Debian.

I am not against giving maintainers like Steve just compensation for the
work they do fixing bugs, and by compensation I mean money.

Why not require the user to pay a small fee when reporting a bug
which can be used to provide just compensation for the services the
maintainers provide to the community when the maintainer fixes bugs?
I would be willing to pay a reasonably small fee that would go to the
maintainers who worked on the bug and successfully fixed it.

I'll be brutally honest: Being accused of being a troll is *not* a
great way to convince Debian users who want to contribute to
and help Debian to spend their free time helping maintainers fix
the bugs reported to the BTS. I also suspect many users agree
with me, but are afraid to say so for fear of being accused of
being a troll.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Michael Stone


On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:

I'll be brutally honest: being accused of "possibly malicious"
unwilligness is *not* a great way to convince overstretched volunteers
to spend their time on issues.


Especially when it's an ongoing pattern of discourse.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Maude Summerside




On 2022-09-14 17:06, Thiemo Kellner wrote:
> Am 14.09.22 um 18:39 schrieb Maude Summerside:
>> This is where intellectual shortcut starts...
>> Free/OSS doesn't mean GPL.
>> There's plenty of Free/OSS software that the copyright owner retains
>> right to commercial licensing. Just look at libraries, some of them will
>> be in such a licensing term that if you use the free version, you have
>> to share your code if you distribute it but they offer a commercial
>> license that allow you to link and distribute without source code. If
>> you only stick to Debian, no such thing because they aren't in the
>> licensing term accepted for distribution.
>>
>> But let say QT, you have a free version, force you to distribute freely
>> if linked against or you go with the commercial license.
>>
>> Why would the owner of the copyright regarding Chromium (that can write
>> their own terms) couldn't reserve himself a right to make a closed
>> source version (like Google Chrome, owned by the owner of Chromium
>> license).
>>
>> Something taking a break and make some research just shows off that we
>> don't only know how to type code, but we have a bit more knowledge than
>> that, regarding mostly real life example of what's also part of the
>> ecosystem.
> Thanks for trying to point out. I am afraid, it is beyond me as is dual
> licensing in general.
> 

We all have our forces and weakness, so we are all the same.
I'm probably not as fast as you can be for writing JavaScript code,
HTML, or whatever you do. But my force is mostly at project management,
legal and business side of IT solutions.

I've driven mostly medical projects so I'm pretty used to the *thingy*
related to licensing.

The error I see the most often is generalizing a situation, in this case
thinking that GPL means Free/OSS. And even there free ain't OSS.

One of the reason behind the birth of MariaDB was such a dual licensing
change to MySQL when eveil-Oracle purchased the right to the software.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Steve McIntyre

Stefan wrote:
In article  you write:
>> the interest of the user. These "volunteers" obviously have other,
>> possibly malicious, interests if they prove themselves unwilling to
>> apply fixes to bugs that are reported to them.
>
>I think there's a confusion here: these volunteers will also have
>"other, possibly malicious, interests" even if they are willing/eager
>to apply fixes to bugs that are reported to them.
>
>Same goes for people you pay, so it's not specific to volunteers.
>And of course it's also not specific to a particular kind of license.

Thanks Stefan, it's great to see that some people understand the
issues.

I'll be brutally honest: being accused of "possibly malicious"
unwilligness is *not* a great way to convince overstretched volunteers
to spend their time on issues.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Thiemo Kellner


Am 14.09.22 um 18:39 schrieb Maude Summerside:

This is where intellectual shortcut starts...
Free/OSS doesn't mean GPL.
There's plenty of Free/OSS software that the copyright owner retains
right to commercial licensing. Just look at libraries, some of them will
be in such a licensing term that if you use the free version, you have
to share your code if you distribute it but they offer a commercial
license that allow you to link and distribute without source code. If
you only stick to Debian, no such thing because they aren't in the
licensing term accepted for distribution.

But let say QT, you have a free version, force you to distribute freely
if linked against or you go with the commercial license.

Why would the owner of the copyright regarding Chromium (that can write
their own terms) couldn't reserve himself a right to make a closed
source version (like Google Chrome, owned by the owner of Chromium license).

Something taking a break and make some research just shows off that we
don't only know how to type code, but we have a bit more knowledge than
that, regarding mostly real life example of what's also part of the
ecosystem.
Thanks for trying to point out. I am afraid, it is beyond me as is dual 
licensing in general.


--
Signal (Safer than WhatsApp): +49 1578 7723737
Threema (Safer than WhatsApp): A76MKH3J
Handy: +49 1578 772 37 37

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Maude Summerside

On 2022-09-14 08:31, Chuck Zmudzinski wrote:

>>> For example, most web
>>> browsers are based on chromium, a free oss project that comes in large part 
>>> from
>>> Google, but some of the most-used browsers in the world based on chromium
>>> are proprietary, such as chrome and edge.
>> I am not sure that this holds true. I would be quite surprised that 
>> chromium or edged can legally use code of a OSS browser, being CSS. But 
>> I am not an attorney.

This is where intellectual shortcut starts...
Free/OSS doesn't mean GPL.
There's plenty of Free/OSS software that the copyright owner retains
right to commercial licensing. Just look at libraries, some of them will
be in such a licensing term that if you use the free version, you have
to share your code if you distribute it but they offer a commercial
license that allow you to link and distribute without source code. If
you only stick to Debian, no such thing because they aren't in the
licensing term accepted for distribution.

But let say QT, you have a free version, force you to distribute freely
if linked against or you go with the commercial license.

Why would the owner of the copyright regarding Chromium (that can write
their own terms) couldn't reserve himself a right to make a closed
source version (like Google Chrome, owned by the owner of Chromium license).

Something taking a break and make some research just shows off that we
don't only know how to type code, but we have a bit more knowledge than
that, regarding mostly real life example of what's also part of the
ecosystem.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Andrew M.A. Cater

People of debian-user :)

This thread does seem to be degenerating slightly into accusations and
name-calling, justified or not. Without prejudice to anyone: please may
I remind you that debian-user and all Debian lists and IRC channels are
subject to the Debian Code of Conduct.

It would be very much appreciated if disagreements could be resolved 
constructively and in a positive way. Ad hominem attacks don't help
anyone here. Taking a breath / walking away from the keyboard for half
a day might also help get a sense of perspective in any mailing list
opinion difference. (And yes, I know about https://xkcd.com/386/ and 
the difficulty that brings).

With every good wish, as ever,

Andy Cater

[For and on behalf of the Debian Community Team]

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/2022 9:06 AM, The Wanderer wrote:
> On 2022-09-14 at 08:51, Chuck Zmudzinski wrote:
>
> > On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
> >
> >> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
> >>
> >> [...]
> >>
> >>> Actually, someone already has shown us how to do it better. His name is
> >>> Linus Torvalds [...]
> >>
> >> I don't know what your aim is.
> >>
> >> I have the impression that it's just arguing for arguing's sake [1].
> >>
> >> [1] in the classical sense of "trolling", as per Wikipedia:
> >>  "In Internet slang, a troll is a person who posts inflammatory,
> >>   insincere, digressive,[1] extraneous, or off-topic messages in
> >>   an online community [...], with the intent of provoking readers
> >>   into displaying emotional responses,[2] or manipulating others'
> >>   perception.
> >>   https://en.wikipedia.org/wiki/Trolling
> > 
> > So you are accusing me of being a troll. Well, it takes one to know one.
>
> No, it very much does not.
>
> > Congratulations! I am starting my own list of trolls on debian-user and
> > you are the first member of that list.
>
> Given the long, long history of helping people that Tomas has on this
> mailing list, I think that if you want to convince anyone other than
> yourself that Tomas is a troll, you're going to have a *very* heavy lift
> (or a whole lot of lying) ahead of you.
>
> (Mind, by my personal definition - which is a bit different from the
> above, though probably still largely compatible - I'm not entirely
> convinced that you're a troll either. But you're *definitely* behaving
> in such a way that I do not blame others for reaching that conclusion.)

I admit that I behaved like a troll when i tried to enter into a conversation 
with
Tomas. I do know he helps many people on this list, that is something good he
does. But on this thread, he also behaved like a troll and caused me to also
behave like a troll. That is a fact, if anyone wants to take the time to look at
what he said, the things he omitted in his replies, etc.

I especially noted his response to my introduction of the idea in this thread
that open source projects like Debian consider themselves communities, and
I wanted to emphasize that those who volunteer to help out with Debian or
other free software communities should not serve their own interests but the
interests of the community. After I made those points, that is when Tomas
started his ad hominum attacks against me and turned the conversation away
from what it means for Debian to be a community and changed it into an ad
hominum attack against me. It causes me to think there are some aspects of
the idea of Debian as a community that are offensive to him. From what he
actually did in this thread, I am inclined to think his idea of Debian as a 
community
is that it is a community of developers only, and not of users. Maybe he is 
right
about that. Maybe Debian *is only* a community of the one thousand or so
Debian developers with voting rights, and the rest of us are trolls if we dare 
to
express our opinions as mere Debian users on the debian-user list or on any
other Debian hosted forum.

So I am going to be very careful about trying to have an objective conversation
with Tomas, given what I actually saw him do in this thread, and given the 
mistake
I made by letting him bait me into appearing to be a troll. I will be careful
to not let that happen again.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 7:11 PM, Thiemo Kellner wrote:
> Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:
> > 
>
> > I am fairly sure I was a victim of
> > the breach of Yahoo that affected hundreds of millions of its users.
> I am sorry for you. I do not know this case, so I cannot tell whether 
> OSS or CSS components of their service were breached, or even a social 
> engineering case.

There is information about the Yahoo data breach on the Internet, including the
$117 million class action case on behalf of 194 million class members:

https://www.cnbc.com/2020/02/06/what-to-do-if-you-got-email-from-yahoo-about-a-data-breach-settlement.html

I don't know if there is enough information available in the public domain to 
determine
to what extent free/oss software might have contributed to that data breach. I 
do remember
Yahoo admitted the number of affected accounts was around 500 million.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread The Wanderer

On 2022-09-14 at 08:51, Chuck Zmudzinski wrote:

> On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
>
>> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
>>
>> [...]
>>
>>> Actually, someone already has shown us how to do it better. His name is
>>> Linus Torvalds [...]
>>
>> I don't know what your aim is.
>>
>> I have the impression that it's just arguing for arguing's sake [1].
>>
>> [1] in the classical sense of "trolling", as per Wikipedia:
>>  "In Internet slang, a troll is a person who posts inflammatory,
>>   insincere, digressive,[1] extraneous, or off-topic messages in
>>   an online community [...], with the intent of provoking readers
>>   into displaying emotional responses,[2] or manipulating others'
>>   perception.
>>   https://en.wikipedia.org/wiki/Trolling
> 
> So you are accusing me of being a troll. Well, it takes one to know one.

No, it very much does not.

> Congratulations! I am starting my own list of trolls on debian-user and
> you are the first member of that list.

Given the long, long history of helping people that Tomas has on this
mailing list, I think that if you want to convince anyone other than
yourself that Tomas is a troll, you're going to have a *very* heavy lift
(or a whole lot of lying) ahead of you.

(Mind, by my personal definition - which is a bit different from the
above, though probably still largely compatible - I'm not entirely
convinced that you're a troll either. But you're *definitely* behaving
in such a way that I do not blame others for reaching that conclusion.)

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw

signature.asc
Description: OpenPGP digital signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
>
> [...]
>
> > Actually, someone already has shown us how to do it better. His name is
> > Linus Torvalds [...]
>
> I don't know what your aim is.
>
> I have the impression that it's just arguing for arguing's sake [1].
>
> [1] in the classical sense of "trolling", as per Wikipedia:
>  "In Internet slang, a troll is a person who posts inflammatory,
>   insincere, digressive,[1] extraneous, or off-topic messages in
>   an online community [...], with the intent of provoking readers
>   into displaying emotional responses,[2] or manipulating others'
>   perception.
>   https://en.wikipedia.org/wiki/Trolling
>

So you are accusing me of being a troll. Well, it takes one to know one.

Congratulations! I am starting my own list of trolls on debian-user and
you are the first member of that list.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/2022 7:08 AM, debian-u...@howorth.org.uk wrote:
> > On 9/13/2022 3:59 PM, err...@free.fr wrote:
> > > Please STOP!
> > >
> > > you are annoying, and if you want improve free softwares, is not
> > > like this. you will better contribute with your code or with your
> > > translations than by writing to this mailing-list  
>
> I agree with the sentiments of annoyance and that this thread should
> stop now, please.

Not everyone agrees, because some have still been making comments here that
in my opinion and theirs are constructive and not just trolling.

>
> > The problem is, with all due respect, that I do have my code
> > improvements for free software, but some free software people do not
> > want to accept my contributions but instead want to allow the free
> > software to continue to have the bugs, and they will not explain
> > themselves either. Why should I waste my time contributing to
> > software projects who do not want my contributions? Treating people
> > who want to contribute this way is not the way to gain more advocates
> > for free software!
>
> But again you have been asked before to be specific about your
> objections, so a link to your proposed code improvements and whatever
> conversation there was when you submitted them would go some way to
> justifying the space and time you have already wasted on this list.
>
> > > I want you kicked from this list.  
> > 
> > Well, if you get me kicked off, I will be kicked off. But that is not
> > the way to build a community of people trying to make good software.
> > That is all I am advocating for, and I am really surprised to be
> > treated this way on this list for advocating for improved software in
> > Debian. I guess the trolls on here do not really want to increase the
> > number of people working on improving Debian. But without more
> > people, Debian cannot possibly provide quality support for 59,000
> > free software packages. That is just a fact, even it no one here
> > wants to acknowledge it.
>
> I haven't seen much evidence of trolls here, apart from yourself.

I did make the mistake of feeding a couple of trolls, from now on I will ignore 
them.
They baited me into appearing as a troll by refusing to acknowledge a simple 
truth
and forcing me to say the same obvious truth over and over again, and I 
understand
why some people might be annoyed by that.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 7:11 PM, Thiemo Kellner wrote:
> Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:
> > On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
> > I think Megha is emphasizing, and possibly over-emphasizing, the fact 
> > that the persons
> > who actually commit the code in free software projects can operate with 
> > little or
> > no oversight when they are just volunteers not really accountable to anyone.
> And I very much think she is wrong there. Being software developer 
> myself, unfortunately closed source mainly, I can tell that oversight is 
> not related to the licensing model or the pay of the developer. I would 
> go to the length to say that volunteers take, in general, a bigger pride 
> in the quality of their work, because they are not payed for it. The few 
> quite fruitless attempts in writing OSS, I took, failed sometimes 
> because I intend to create the perfect solution and thus not 
> progressing, whereas in the work for money I am often forced to 
> implement a working solution I can tell from the start, it will not be 
> easily maintainable or extendable.
> > to think the situation might be better if either 1) open source projects 
> > exercised more
> > oversight than they currently do over the persons who actually write the 
> > code and
> > release the software
> As I already told. In over 25 years of experience, I do not have 
> complaints about the oversight taken by OSS projects, where as I 
> regularly can complain about closed source payed for software. In the 
> past two weeks I was hunting down a problem we had with IBM DataStage. 
> One of the parallel subprocess terminated unexpectedly and all the 
> message DataStage cared to give was that the subprocess received a 
> SIGINT. We hope to have work around, because we could not find the 
> source. To me, one of the worst things one can do as developer not to 
> have proper error reporting - unless you know, you will not get bothered 
> when the shit starts to hit the fan.
> > , or 2) free/oss software never became ubiquitous. We just cannot
> > know without being able to do a time machine experiment and see how the 
> > software
> > world would have developed if free/oss software had not become as 
> > ubiquitous as it is
> > today.
> I cannot agree with you at all on this point. Omnipresence of OSS does 
> not mean there are more error in the code. It just means there are more 
> users to detect problems, thus more possiblities for the bugs to get 
> fixed. Sure, if OSS developers are overloaded the will not get to fix 
> all the problems, just as developers on CSS (closed source software). 
> Much more, because the sales man can sell better new shiny features even 
> if useless, than stable code. The buyer expects that flaws get fixed for 
> free, maybe rightly so, thus the CSS company will fix as few bugs it can 
> get away with (exageration).
> > If there was not a serious problem of malware, identity theft, ransomware, 
> > etc.,
> > I would be more inclined to question what Megha Verma wrote, but based on 
> > what
> > I see in how free/oss projects are governed, I am not surprised that a 
> > world that relies
> > on so much free/oss software also suffers from so much malware, ransomware, 
> > identity
> > theft, etc.
> Again, my experience with OSS is not this one. And I very much think, 
> that malware, ransomware usually is software on its own not built-in any 
> software. Maybe exploiting a backdoor a company put in their products 
> for ease of maintenance or just by negligence. Identity theft sounds 
> like social engineering or man in the middle attack. The latter not 
> necessarily being a problem of OSS.
> >   Just because *you* have not experienced malware in the software you use
> > does not mean that there are no cases where free/oss software is being 
> > deployed
> > elsewhere in a stealthy way for malicious purposes.
>
> I did not state that OSS was free of flaws and bugs. I am make a point 
> to state that in my experience there are fewer bugs therein than in CSS.
>
> > I am fairly sure I was a victim of
> > the breach of Yahoo that affected hundreds of millions of its users.
> I am sorry for you. I do not know this case, so I cannot tell whether 
> OSS or CSS components of their service were breached, or even a social 
> engineering case.
> >
> > I know people will reply and say it is much worse with proprietary 
> > software. But we
> > really cannot know for sure, because free/oss is so ubiquitous now it is 
> > hard to
> > separate free/oss software from proprietary software.
>
> I certainly can tell my experience comparing OSS to CSS. And there I OSS 
> gets better off. And for the rest, well I cannot tell it is this or the 
> other way around at all.
>
> > For example, most web
> > browsers are based on chromium, a free oss project that comes in large part 
> > from
> > Google, but some of the most-used browsers in the world based on chromium
> > are proprietary, such as chrome and edge.
> I am

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 6:47 PM, Stefan Monnier wrote:
> > If free/oss projects like Debian want to provide software with those
> > positive characteristics to their users, those projects must have in
> > place some level of oversight over what the persons who actually write
> > the software actually do, or don't do in the case of failing to fix
> > bugs that could easily be fixed, so that the goals of quality, useful,
> > safe, and secure software are reached.
>
> That's why I like Free Software: all of this is done out in the open,
> making oversight particularly easy.
>
> For proprietary code you generally simply can't do that at all because
> it's all kept secret.
>
>
> Stefan
>

We really agree on this point, thanks.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 4:38 PM, Stefan Monnier wrote:
> > The users. They stop using software or any product that does not work
> > well or is more trouble than it is worth. Then the entity, whether
> > a free/oss or proprietary provider ends up shutting down
> > the enterprise.
>
> But, being Free Software, any remaining user can keep using it,
> improving it, checking if it contains any back doors, hire someone else
> to do it, etc...
>
> >> You do realize that nobody enforces that on proprietary software
> >> either, right?
> > The users do, in the marketplace - and what is not used by enough
> > users eventually disappears.
>
> That's right.  And then you're typically completely screwed even if it
> happened to work well for you.
>
> The company will also blissfully ignore your requests if you're part of
> too-small a slice of their users.  Ever tried to get an `armhf` binary for
> a proprietary GNU/Linux software?
>
> > I think it is true that the "best" software development model depends
> > less on free/oss vs.  proprietary and more on the wisdom, foresight,
> > integrity, and technical expertise of those doing the work and making
> > the important decisions.
>
> I don't care which is better.  I just prefer not to depend on the
> goodwill of a company (most of which I know act against my interest;
> probably inevitably because they are beholden to their shareholders).

Of course you know many of those companies that you know act against your
interests have employees who "volunteer" to contribute to free/oss software 
projects,
so in practice the free/oss software is not free from this problem, but a truly
open project can make it possible to find out which volunteers are not acting
in the true interests of those who advocate for the benefits of free/oss 
software,
and this is not possible in secretive, proprietary organizations.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread debian-user

> On 9/13/2022 3:59 PM, err...@free.fr wrote:
> > Please STOP!
> >
> > you are annoying, and if you want improve free softwares, is not
> > like this. you will better contribute with your code or with your
> > translations than by writing to this mailing-list  

I agree with the sentiments of annoyance and that this thread should
stop now, please.

> The problem is, with all due respect, that I do have my code
> improvements for free software, but some free software people do not
> want to accept my contributions but instead want to allow the free
> software to continue to have the bugs, and they will not explain
> themselves either. Why should I waste my time contributing to
> software projects who do not want my contributions? Treating people
> who want to contribute this way is not the way to gain more advocates
> for free software!

But again you have been asked before to be specific about your
objections, so a link to your proposed code improvements and whatever
conversation there was when you submitted them would go some way to
justifying the space and time you have already wasted on this list.

> > I want you kicked from this list.  
> 
> Well, if you get me kicked off, I will be kicked off. But that is not
> the way to build a community of people trying to make good software.
> That is all I am advocating for, and I am really surprised to be
> treated this way on this list for advocating for improved software in
> Debian. I guess the trolls on here do not really want to increase the
> number of people working on improving Debian. But without more
> people, Debian cannot possibly provide quality support for 59,000
> free software packages. That is just a fact, even it no one here
> wants to acknowledge it.

I haven't seen much evidence of trolls here, apart from yourself.
Again, specifics help if you wish to make such claims, rather than
general assertions.

> Best regards,
> 
> Chuck
>

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread tomas

On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:

[...]

> Actually, someone already has shown us how to do it better. His name is
> Linus Torvalds [...]

I don't know what your aim is.

I have the impression that it's just arguing for arguing's sake [1].

My time is too short to take part in this.

From time to time you mix blatant falsehoods like the above (Linus
wouldn't have got anywhere with his kernel had'nt he had at the time
a whole free toolchain (C compiler, linker, build tools like Make,
etc.), a whole user space (shell ls, cp, sed, you name it), all
courtesy of the GNU project (he acknowledges that, you seem to ignore
it, either by lack of research or by malice, I don't even want to
know at this point).

This is how free software works: you use things out there and build
other things for others to use. *YOU* decide what *you* build. *OTHERS*
decide what *they* do with it. So simple. You seem to have a beef
with that. You can keep your beef. All of it.

I'm out of this thread.

[1] in the classical sense of "trolling", as per Wikipedia:
 "In Internet slang, a troll is a person who posts inflammatory,
  insincere, digressive,[1] extraneous, or off-topic messages in
  an online community [...], with the intent of provoking readers
  into displaying emotional responses,[2] or manipulating others'
  perception.
  https://en.wikipedia.org/wiki/Trolling

-- 
t

signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Thiemo Kellner


Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:

On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
I think Megha is emphasizing, and possibly over-emphasizing, the fact 
that the persons

who actually commit the code in free software projects can operate with little 
or
no oversight when they are just volunteers not really accountable to anyone.
And I very much think she is wrong there. Being software developer 
myself, unfortunately closed source mainly, I can tell that oversight is 
not related to the licensing model or the pay of the developer. I would 
go to the length to say that volunteers take, in general, a bigger pride 
in the quality of their work, because they are not payed for it. The few 
quite fruitless attempts in writing OSS, I took, failed sometimes 
because I intend to create the perfect solution and thus not 
progressing, whereas in the work for money I am often forced to 
implement a working solution I can tell from the start, it will not be 
easily maintainable or extendable.

to think the situation might be better if either 1) open source projects 
exercised more
oversight than they currently do over the persons who actually write the code 
and
release the software
As I already told. In over 25 years of experience, I do not have 
complaints about the oversight taken by OSS projects, where as I 
regularly can complain about closed source payed for software. In the 
past two weeks I was hunting down a problem we had with IBM DataStage. 
One of the parallel subprocess terminated unexpectedly and all the 
message DataStage cared to give was that the subprocess received a 
SIGINT. We hope to have work around, because we could not find the 
source. To me, one of the worst things one can do as developer not to 
have proper error reporting - unless you know, you will not get bothered 
when the shit starts to hit the fan.

, or 2) free/oss software never became ubiquitous. We just cannot
know without being able to do a time machine experiment and see how the software
world would have developed if free/oss software had not become as ubiquitous as 
it is
today.
I cannot agree with you at all on this point. Omnipresence of OSS does 
not mean there are more error in the code. It just means there are more 
users to detect problems, thus more possiblities for the bugs to get 
fixed. Sure, if OSS developers are overloaded the will not get to fix 
all the problems, just as developers on CSS (closed source software). 
Much more, because the sales man can sell better new shiny features even 
if useless, than stable code. The buyer expects that flaws get fixed for 
free, maybe rightly so, thus the CSS company will fix as few bugs it can 
get away with (exageration).

If there was not a serious problem of malware, identity theft, ransomware, etc.,
I would be more inclined to question what Megha Verma wrote, but based on what
I see in how free/oss projects are governed, I am not surprised that a world 
that relies
on so much free/oss software also suffers from so much malware, ransomware, 
identity
theft, etc.
Again, my experience with OSS is not this one. And I very much think, 
that malware, ransomware usually is software on its own not built-in any 
software. Maybe exploiting a backdoor a company put in their products 
for ease of maintenance or just by negligence. Identity theft sounds 
like social engineering or man in the middle attack. The latter not 
necessarily being a problem of OSS.

  Just because *you* have not experienced malware in the software you use
does not mean that there are no cases where free/oss software is being deployed
elsewhere in a stealthy way for malicious purposes.


I did not state that OSS was free of flaws and bugs. I am make a point 
to state that in my experience there are fewer bugs therein than in CSS.



I am fairly sure I was a victim of
the breach of Yahoo that affected hundreds of millions of its users.
I am sorry for you. I do not know this case, so I cannot tell whether 
OSS or CSS components of their service were breached, or even a social 
engineering case.


I know people will reply and say it is much worse with proprietary software. 
But we
really cannot know for sure, because free/oss is so ubiquitous now it is hard to
separate free/oss software from proprietary software.


I certainly can tell my experience comparing OSS to CSS. And there I OSS 
gets better off. And for the rest, well I cannot tell it is this or the 
other way around at all.



For example, most web
browsers are based on chromium, a free oss project that comes in large part from
Google, but some of the most-used browsers in the world based on chromium
are proprietary, such as chrome and edge.
I am not sure that this holds true. I would be quite surprised that 
chromium or edged can legally use code of a OSS browser, being CSS. But 
I am not an attorney.

I recommend everyone be very aware of the risks of using any software, whether
it be proprietary software or free/oss software in today's

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Larry Martell

On Tue, Sep 13, 2022 at 3:48 PM Stefan Monnier  wrote:
>
> > If free/oss projects like Debian want to provide software with those
> > positive characteristics to their users, those projects must have in
> > place some level of oversight over what the persons who actually write
> > the software actually do, or don't do in the case of failing to fix
> > bugs that could easily be fixed, so that the goals of quality, useful,
> > safe, and secure software are reached.
>
> That's why I like Free Software: all of this is done out in the open,
> making oversight particularly easy.
>
> For proprietary code you generally simply can't do that at all because
> it's all kept secret.

I thought this argument was over many years ago. This is an old book,
but it seems people need to read it today:
https://www.amazon.com/Cathedral-Bazaar-Musings-Accidental-Revolutionary/dp/0596001088

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 4:31 PM, Stefan Monnier wrote:
> > the interest of the user. These "volunteers" obviously have other,
> > possibly malicious, interests if they prove themselves unwilling to
> > apply fixes to bugs that are reported to them.
>
> I think there's a confusion here: these volunteers will also have
> "other, possibly malicious, interests" even if they are willing/eager
> to apply fixes to bugs that are reported to them.
>
> Same goes for people you pay, so it's not specific to volunteers.
> And of course it's also not specific to a particular kind of license.
>
>
> Stefan
>

So I presume you agree that no matter the kind of license, development model, 
etc.,
it is in the interest of the users of software for there to be oversight of 
what the persons
who actually write the code and release the software to the public actually do 
to deter
them from doing anything malicious, and if they do not act in the interest of 
the users,
then they are undermining the purpose of any software project that claims to 
provide
quality software that is secure, useful, and safe to use.

If free/oss projects like Debian want to provide software with those positive
characteristics to their users, those projects must have in place some level of 
oversight
over what the persons who actually write the software actually do, or don't do 
in the
case of failing to fix bugs that could easily be fixed, so that the goals of 
quality, useful,
safe, and secure software are reached.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
> Am 12.09.22 um 19:47 schrieb Chuck Zmudzinski:
> > "Open Source Software is accessible to all means it can be used and 
> > misused.
> > And, that’s where it turns unconstructive for us. With OSS, we can expect 
> > harm,
> > virus transfer, identity burglary, and many other malicious practices to 
> > hurt the
> > process." [1]
> > ...
> > 
> > [1] 
> > https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413
>
> Hi Chuck
>
> ...
>
> I do not quite get the meaning of "Open Source Software is accessible to 
> all means it can be used and misused." by Megha Verma. Assuming that it 
> is by its nature possible to "inject" malicious code then yes and no. 
> Yes, it theoretically is possible as anyone can get and change the code, 
> but no, if the project is fairly well maintained, i.e. no commits to the 
> main branch of the code repository without any review. Personally, I 
> have been using OSS for more than 25 years and never had the suspicion 
> any of the OSS I used was acting malicious.

I think Megha is emphasizing, and possibly over-emphasizing, the fact that the 
persons
who actually commit the code in free software projects can operate with little 
or
no oversight when they are just volunteers not really accountable to anyone. 
Also,
we do not really know what the malware/ransomware situation would be like today
around the world if free/oss software were not as ubiquitous as it is today in 
web
servers, phone operating systems like android, etc. It clearly is not a good 
situation
now regarding malware and ransomware around the world, and it is not 
unreasonable
to think the situation might be better if either 1) open source projects 
exercised more
oversight than they currently do over the persons who actually write the code 
and
release the software, or 2) free/oss software never became ubiquitous. We just 
cannot
know without being able to do a time machine experiment and see how the software
world would have developed if free/oss software had not become as ubiquitous as 
it is
today. If there was not a serious problem of malware, identity theft, 
ransomware, etc.,
I would be more inclined to question what Megha Verma wrote, but based on what
I see in how free/oss projects are governed, I am not surprised that a world 
that relies
on so much free/oss software also suffers from so much malware, ransomware, 
identity
theft, etc. Just because *you* have not experienced malware in the software you 
use
does not mean that there are no cases where free/oss software is being deployed
elsewhere in a stealthy way for malicious purposes. I am fairly sure I was a 
victim of
the breach of Yahoo that affected hundreds of millions of its users. A word to 
the wise:
be vigilant about the software you use and take note of any red flags.

I know people will reply and say it is much worse with proprietary software. 
But we
really cannot know for sure, because free/oss is so ubiquitous now it is hard to
separate free/oss software from proprietary software. For example, most web
browsers are based on chromium, a free oss project that comes in large part from
Google, but some of the most-used browsers in the world based on chromium
are proprietary, such as chrome and edge.

I recommend everyone be very aware of the risks of using any software, whether
it be proprietary software or free/oss software in today's world of so much 
malware.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Thiemo Kellner

Am 12.09.22 um 19:47 schrieb Chuck Zmudzinski:
"Open Source Software is accessible to all means it can be used and
misused.

And, that’s where it turns unconstructive for us. With OSS, we can expect harm,
virus transfer, identity burglary, and many other malicious practices to hurt
the
process." [1]

I would not go so far to say that is happening in Debian, but I have experienced
the fact that not every bug that is important to my use case will be fixed
quickly
in Debian, even if I or other users takes the time to find the fix and share it
with the Debian developers. This experience of mine with Debian as a long-time
user of Debian *does* raise suspicion in my mind, and I would not be suspicious
of malicious intent by Debian developers and maintainers if they were more
responsive to some bugs they just ignore for months and even years. I agree
my suspicion does not prove malice, but my suspicion is reasonable when there
are Debian "volunteers" who do work in corporate environments where the
interests of their employer might conflict with the interests of the open source
software projects such as Debian that they contribute to. This is simply a risk
that
users of Debian software, or of any open source software, should be aware of,
and users should know how to mitigate this risk of malicious activity within
open source software projects like Debian.

So it as a fact that if a person is just a user of Debian and not an official
developer of Debian, there is no guarantee that the use case of that particular
user will receive prompt attention from the official Debian developers. That
is true because Debian developers are just volunteers and not liable for any
problems the software they release might cause to those who use Debian
software. That is a *big disadvantage* of open source software.

Best regards,

Chuck

[1]
https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413

Hi Chuck

While I think that you are partly right (prioritization of bug fixing of
OSS) but my experience of closed source software (even paid for) is that
one usually is only the small fish in the pond and one's needs are
rather put back. However, with OSS, if you cannot fix it yourself - I
suppose most users cannot do - one is free to give incentives to get
one's wishes done. You can call it bribery if you like or putting a
bounty on a problem.

I do not quite get the meaning of "Open Source Software is accessible to
all means it can be used and misused." by Megha Verma. Assuming that it
is by its nature possible to "inject" malicious code then yes and no.
Yes, it theoretically is possible as anyone can get and change the code,
but no, if the project is fairly well maintained, i.e. no commits to the
main branch of the code repository without any review. Personally, I
have been using OSS for more than 25 years and never had the suspicion
any of the OSS I used was acting malicious.

I also would like to point to the table of mentioned lady. It states
that OSS is open and FREE. As far as I am informed, the latter is not
mandatory. I believe Richard Stallman put it that way: OSS is free as in
freedom and not as in free beer. I hardly have ever noticed OSS not
being free of fees but yet it is possible. Either she did not know, or
she did not notice when putting in the table. But be it as it may, I
think, that the association of OSS with free beer raises the expectation
that OSS maintenance is not to cost a dime, and therefore a bad
association. Thus, I have begun to donate to OSS projects to give back
in that way at least.

Kind regards

Thiemo

--
Signal (Safer than WhatsApp): +49 1578 7723737
Threema (Safer than WhatsApp): A76MKH3J
Handy: +49 1578 772 37 37

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 3:59 PM, err...@free.fr wrote:
> Please STOP!
>
> you are annoying, and if you want improve free softwares, is not like this.
> you will better contribute with your code or with your translations than by 
> writing to this mailing-list

The problem is, with all due respect, that I do have my code improvements for 
free software, but some free software people do not want to accept my 
contributions but instead want to allow the free software to continue to have 
the bugs, and they will not explain themselves either. Why should I waste my 
time contributing to software projects who do not want my contributions? 
Treating people who want to contribute this way is not the way to gain more 
advocates for free software!

>
> I want you kicked from this list.

Well, if you get me kicked off, I will be kicked off. But that is not the way 
to build a community of people trying to make good software. That is all I am 
advocating for, and I am really surprised to be treated this way on this list 
for advocating for improved software in Debian. I guess the trolls on here do 
not really want to increase the number of people working on improving Debian. 
But without more people, Debian cannot possibly provide quality support for 
59,000 free software packages. That is just a fact, even it no one here wants 
to acknowledge it.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread err404




Please STOP!

you are annoying, and if you want improve free softwares, is not like this.
you will better contribute with your code or with your translations than by 
writing to this mailing-list

I want you kicked from this list.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 2:33 PM, Michael Stone wrote:
> On Tue, Sep 13, 2022 at 02:14:38PM -0400, Chuck Zmudzinski wrote:
> >So do you, obviously. Someone said something that raised that question in my 
> >mind,
> >but you deleted that part from this message, which proves you are the one 
> >who has
> >an ax to grind by not answering the question that has been raised by the 
> >comments
> >you and another person has been making.
>
> What question?

You identified "rhetorical questions" that you wanted me to stop.

> I saw no question. Either talk about specifics or it's 
> nothing but empty FUD.
>
> >> Either get to the point and discuss
> >> what's bothering you directly or stop with the pointless rhetorical
> >> questions.
> >>
> >
> >It bothers me that there are supposed advocates of free/oss software like 
> >Debian
> >who think that it is good for free/oss software if the persons who volunteer
> >to develop and maintain free software like Debian can ignore bugs reported 
> >to them
> >and refuse to fix them.
>
> Here's the thing: it's open source. If you think it's not being done 
> right THEN YOU DO IT DIFFERENTLY. If you don't like how some software is 
> being maintained, fork it and show everyone how it can be done better.

Actually, someone already has shown us how to do it better. His name is
Linus Torvalds. Debian and other oss projects should see and understand
what he does that makes the Linux kernel a truly useful software project. Debian
is successful because of the Linux kernel, not the other way around.

Since you bring up forks, I have an opinion about that. Everyone have their own
fork is not a sustainable model for free/oss software, IMHO. If everyone needs
to have their own fork, that is because of the failure of the way free/oss 
projects
are governed. Again this is just my opinion, but I think it is valid.

There is a place for some forks when the goal of the project has a particular 
focus,
but for a project like Debian, which currently claims to support 59000 free 
software
packages in the stable distribution, the focus is on general purpose computing 
and,
IMHO, it is a failure for Debian and free/oss software when a fork such as 
Devuan
happens. The Devuan fork proved how ridiculous it is for Debian to claim to be 
able
to support 59000 software packages in its stable distribution, which is 
currently what
the "Reasons to use Debian" page on debian.org claims. I think that if Debian 
really
wants to provide *high quality* support for each and every one of the 59000 
software
packages in its repositories, it should look at the Devuan fork and try to 
understand
what it could have done to prevent it from happening. All those people working 
on
Devuan could still be working on Debian. I don't understand why it was good for 
that
fork to happen. Just my opinion, FWIW.

>  
> It's unreasonable to just sit on the sidelines and make vague 
> accusations. The ax you want to grind seems to involve one specific 
> issue.

The issue is the survival of free/oss software - it will not survive if the idea
that those who develop and maintain free/oss software don't have to respond
to the bugs that are reported to them prevails. No one will use it if the people
who create it are free to let the problems that inevitably arise go without 
fixing
them.

> Tell us what it is, then everyone can decide for themselves 
> whether you have a point, whether it can/should be addressed, or whether 
> you're just mad that you can't make someone else do what you want.

I think I have clarified what the issue is sufficiently. I am not mad that I 
cannot
make someone else do what I want. I would just be sad if free/oss software
dies out because it was taken over by people who refused to acknowledge the
simple idea that it is bad for free/oss software if those who develop and
maintain the software are free to not fix the bugs that users report to them.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Michael Stone


On Tue, Sep 13, 2022 at 02:14:38PM -0400, Chuck Zmudzinski wrote:

So do you, obviously. Someone said something that raised that question in my 
mind,
but you deleted that part from this message, which proves you are the one who 
has
an ax to grind by not answering the question that has been raised by the 
comments
you and another person has been making.


What question? I saw no question. Either talk about specifics or it's 
nothing but empty FUD.



Either get to the point and discuss
what's bothering you directly or stop with the pointless rhetorical
questions.



It bothers me that there are supposed advocates of free/oss software like Debian
who think that it is good for free/oss software if the persons who volunteer
to develop and maintain free software like Debian can ignore bugs reported to 
them
and refuse to fix them.


Here's the thing: it's open source. If you think it's not being done 
right THEN YOU DO IT DIFFERENTLY. If you don't like how some software is 
being maintained, fork it and show everyone how it can be done better. 
It's unreasonable to just sit on the sidelines and make vague 
accusations. The ax you want to grind seems to involve one specific 
issue. Tell us what it is, then everyone can decide for themselves 
whether you have a point, whether it can/should be addressed, or whether 
you're just mad that you can't make someone else do what you want.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 2:02 PM, Michael Stone wrote:
> On Tue, Sep 13, 2022 at 12:42:12PM -0400, Chuck Zmudzinski wrote:
> >Software projects today, IIUC, are communities. The "volunteers" should do 
> >what the community
> >wants, not necessarily what you or I want. Do you think the free/oss 
> >software community wants
> >volunteers who ignore bugs or refuse to fix bugs in free/oss software? If 
> >they do ignore a
> >bug or refuse to fix a bug with a known fix, don't they owe an explanation 
> >to the community?
> >If not, why not?
>
> You seem to have an ax to grind.

So do you, obviously. Someone said something that raised that question in my 
mind,
but you deleted that part from this message, which proves you are the one who 
has
an ax to grind by not answering the question that has been raised by the 
comments
you and another person has been making.

> Either get to the point and discuss 
> what's bothering you directly or stop with the pointless rhetorical 
> questions.
>

It bothers me that there are supposed advocates of free/oss software like Debian
who think that it is good for free/oss software if the persons who volunteer
to develop and maintain free software like Debian can ignore bugs reported to 
them
and refuse to fix them. If you think that is good for free/oss software, I 
disagree with
you. Fortunately, you are just one person, and I doubt the Debian community or
any other free software community wants the persons who develop and maintain
the software to ignore and/or refuse to fix the bugs reported to them.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Michael Stone


On Tue, Sep 13, 2022 at 12:42:12PM -0400, Chuck Zmudzinski wrote:

Software projects today, IIUC, are communities. The "volunteers" should do what 
the community
wants, not necessarily what you or I want. Do you think the free/oss software 
community wants
volunteers who ignore bugs or refuse to fix bugs in free/oss software? If they 
do ignore a
bug or refuse to fix a bug with a known fix, don't they owe an explanation to 
the community?
If not, why not?


You seem to have an ax to grind. Either get to the point and discuss 
what's bothering you directly or stop with the pointless rhetorical 
questions.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Tim Woodall


On Tue, 13 Sep 2022, Chuck Zmudzinski wrote:


I agree with that. But the price-performance ratio could be even better if the 
"volunteers"
in free/oss software projects were not free to ignore bugs reported to them.



Pretty much everything worked for this grub bug other than some
unfortunate setting of priorities. The bug wasn't around long enough
that you can assume it was being ignored.

Yes, I agree there's some annoyance when volunteers ignore bugs that
have patches, there's one in ucf that has caused me no end of grief but
it's pretty easy to rebuild with patches and patches are easy to find.

There was that recent bash + ssh bug that I got lots of help with here a
few weeks ago. I have a patched bash - it would be nice not to have to
keep that but it's not a big deal.

I've been just as guilty the other way. I found a minor bug in dump but
it took me ages (probably years) to bother report it and then it was
fixed in a few days. Possibly I was the only person to encounter it and
when I couldn't fix it in five minutes I just put up with it and did
nothing.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 12:36 PM, to...@tuxteam.de wrote:
> On Tue, Sep 13, 2022 at 12:25:40PM -0400, Chuck Zmudzinski wrote:
>
> [...]
>
> > I agree with that. But the price-performance ratio could be even better if 
> > the "volunteers"
> > in free/oss software projects were not free to ignore bugs reported to them.
>
> Hm. I doubt that. Perhaps they will do more what *you* want,

Software projects today, IIUC, are communities. The "volunteers" should do what 
the community
wants, not necessarily what you or I want. Do you think the free/oss software 
community wants
volunteers who ignore bugs or refuse to fix bugs in free/oss software? If they 
do ignore a
bug or refuse to fix a bug with a known fix, don't they owe an explanation to 
the community?
If not, why not?

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread tomas

On Tue, Sep 13, 2022 at 12:25:40PM -0400, Chuck Zmudzinski wrote:

[...]

> I agree with that. But the price-performance ratio could be even better if 
> the "volunteers"
> in free/oss software projects were not free to ignore bugs reported to them.

Hm. I doubt that. Perhaps they will do more what *you* want, but if they
are free to do what they want, the software's quality is higher?

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 11:53 AM, Michael Stone wrote:
> On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:
> >On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:
> >> On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:
> >>
> >> > [...] "I can't get personalized/dedicated support with enforceable
> >> > SLAs for free"
> >
> >If the requirement that maintainers and developers of free/oss software must 
> >actually
> >fix the bugs reported to them is not enforced, then free/oss software *is* 
> >vulnerable to
> >all kinds of malicious activity by the "volunteers" who create the free/oss 
> >software.
>
> Enforced by whom? How?

The users. They stop using software or any product that does not work well or
is more trouble than it is worth. Then the entity, whether a free/oss or 
proprietary
provider ends up shutting down the enterprise.

> You do realize that nobody enforces that on 
> proprietary software either, right?

The users do, in the marketplace - and what is not used by enough users 
eventually
disappears.

> THIS IS NOT A CHARACTERISTIC THAT 
> DISTINGUISHES OPEN SOURCE AND CLOSED SOURCE SOFTWARE. Given that, 
> continuing this discussion seems silly. (Especially since it appears 
> that you'll simply to repeat your original assertion, mistaken though it 
> is, without even trying to address to the points that others have made.)
>

I think it is true that the "best" software development model depends less on 
free/oss vs.
proprietary and more on the wisdom, foresight, integrity, and technical 
expertise of
those doing the work and making the important decisions.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 11:44 AM, to...@tuxteam.de wrote:
> On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:
> > On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:
> > > On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:
> > >
> > > > [...] "I can't get personalized/dedicated support with enforceable
> > > > SLAs for free"
> > 
> > If the requirement that maintainers and developers of free/oss software 
> > must actually
> > fix the bugs reported to them is not enforced, then free/oss software *is* 
> > vulnerable to
> > all kinds of malicious activity by the "volunteers" who create the free/oss 
> > software.
> > 
> > >
> > > Had I a printer, I'd print out this, frame it and hang it on the
> > > wall. This makes the point very nicely :-)
> > >
> > > Cheers
> > 
> > Yes, it is true, no one should use Debian or any software maintained by 
> > totally
> > unaccountable "volunteers" for any mission-critical purpose without also 
> > hiring
> > someone with the time and expertise to do what is necessary to make such 
> > software
> > secure and bug-free for the intended purpose of the software. That is, users
> > must *not trust* the volunteers who maintain and develop Debian software to 
> > act in
> > the interest of the user [...]
>
> But how is that different from commercial software?

Not that much different. I like the fact that we have free/oss software now so
we can see which "volunteers" who sometimes work for big corporations choose to
ignore bugs reported to them. I won't trust those "volunteers" nor will I trust
the companies they work for, nor will I trust the software and hardware those
companies release into the marketplace. I also think it is better for free/oss
projects to enforce some minimum level of effort on the "volunteers" who
maintain and develop the software to reduce the chances that the
"volunteers" can get away with abusing their position as "volunteers" who have
the power to upload official software to the free/oss projects' download 
servers.

> The commercial entity
> is bound to the shareholders and to the paying customers -- based on how
> much they pay for. If you, as a customer, are shelling out a significant
> amount of money, you can as well pay a dedicated person to keep your
> free software in shape. Probably the price-performance ratio will be
> better.

I agree with that. But the price-performance ratio could be even better if the 
"volunteers"
in free/oss software projects were not free to ignore bugs reported to them.

Cheers

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Michael Stone

On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:

On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:

On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:

> [...] "I can't get personalized/dedicated support with enforceable
> SLAs for free"

If the requirement that maintainers and developers of free/oss software must 
actually
fix the bugs reported to them is not enforced, then free/oss software *is* 
vulnerable to
all kinds of malicious activity by the "volunteers" who create the free/oss 
software.

Enforced by whom? How? You do realize that nobody enforces that on 
proprietary software either, right? THIS IS NOT A CHARACTERISTIC THAT 
DISTINGUISHES OPEN SOURCE AND CLOSED SOURCE SOFTWARE. Given that, 
continuing this discussion seems silly. (Especially since it appears 
that you'll simply to repeat your original assertion, mistaken though it 
is, without even trying to address to the points that others have made.)

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread tomas

On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:
> On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:
> > On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:
> >
> > > [...] "I can't get personalized/dedicated support with enforceable
> > > SLAs for free"
> 
> If the requirement that maintainers and developers of free/oss software must 
> actually
> fix the bugs reported to them is not enforced, then free/oss software *is* 
> vulnerable to
> all kinds of malicious activity by the "volunteers" who create the free/oss 
> software.
> 
> >
> > Had I a printer, I'd print out this, frame it and hang it on the
> > wall. This makes the point very nicely :-)
> >
> > Cheers
> 
> Yes, it is true, no one should use Debian or any software maintained by 
> totally
> unaccountable "volunteers" for any mission-critical purpose without also 
> hiring
> someone with the time and expertise to do what is necessary to make such 
> software
> secure and bug-free for the intended purpose of the software. That is, users
> must *not trust* the volunteers who maintain and develop Debian software to 
> act in
> the interest of the user [...]

But how is that different from commercial software? The commercial entity
is bound to the shareholders and to the paying customers -- based on how
much they pay for. If you, as a customer, are shelling out a significant
amount of money, you can as well pay a dedicated person to keep your
free software in shape. Probably the price-performance ratio will be
better.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:
> On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:
>
> > [...] "I can't get personalized/dedicated support with enforceable
> > SLAs for free"

If the requirement that maintainers and developers of free/oss software must 
actually
fix the bugs reported to them is not enforced, then free/oss software *is* 
vulnerable to
all kinds of malicious activity by the "volunteers" who create the free/oss 
software.

>
> Had I a printer, I'd print out this, frame it and hang it on the
> wall. This makes the point very nicely :-)
>
> Cheers

Yes, it is true, no one should use Debian or any software maintained by totally
unaccountable "volunteers" for any mission-critical purpose without also hiring
someone with the time and expertise to do what is necessary to make such 
software
secure and bug-free for the intended purpose of the software. That is, users
must *not trust* the volunteers who maintain and develop Debian software to act 
in
the interest of the user. These "volunteers" obviously have other, possibly 
malicious,
interests if they prove themselves unwilling to apply fixes to bugs that are 
reported to
them.

Thanks for clarifying that fact.

Best regards

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-12 Thread tomas

On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:

> [...] "I can't get personalized/dedicated support with enforceable
> SLAs for free"

Had I a printer, I'd print out this, frame it and hang it on the
wall. This makes the point very nicely :-)

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/12/22 3:32 PM, Michael Stone wrote:
> On Mon, Sep 12, 2022 at 01:47:49PM -0400, Chuck Zmudzinski wrote:
> >Well, I suppose so, but I am pleased that a grub maintainer is now on the 
> >case. Still,
> >there is another Debian bug that affects me that continues to be ignored, so 
> >I admit
> >I have an attitude about that. I accept that what is of grave or important 
> >severity to
> >me is not necessarily of grave or critical severity to the official Debian 
> >maintainers
> >and developers. I wish to merely point out that what is often said about the 
> >advantages
> >and disadvantages of free, open-source software that is maintained by 
> >volunteers is
> >true:
>
> No, it's a misguided conclusion that isn't supported by facts. I can 
> think of any number of bugs in closed source software that aren't fixed. 
> The only real difference is this: with open source software you might 
> actually be told "I'm not going to prioritize this because I'm a 
> volunteer and prefer to do something else", while with propietary 
> software the discussion that concludes "this customer isn't important 
> enough to require a change in the priority of the request" isn't going 
> to be public and all you'll ever be told is that the request is being 
> reviewed or somesuch. 
>
> There is an exception that proves the rule, however: if you're a large 
> enough customer, paying enough money, you may well get a team of people 
> dedicated to implementing whatever you ask for. But here's the 
> thing--you can get the same level of service for open source software, 
> if you're willing to pay for it. (Not directly from debian, but there 
> are consultants/etc that will provide such services.) Your complaint 
> really boils down to "I can't get personalized/dedicated support with 
> enforceable SLAs for free", which is just as true for proprietary 
> software as it is for open source software.
>

I actually agree free/oss is better - if I was a big paying customer
(I am not), I would pay for a free/oss solution instead of a proprietary
solution because the entire development of the solution would be in the
open which would make it more difficult for the persons implementing
the solution to do anything malicious behind closed doors.

Still, I think it is obvious that the success of free/oss projects depends
very much on whether or not the persons who volunteer as developers
and maintainers actually respond to and fix bugs. Also, if the persons
who volunteer as developers and maintainers can ignore bug
reports without any consequences from the community, then the
possibility for free/oss software to fully realize the advantages of the
free/oss software development model over the proprietary model is
undermined.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-12 Thread Michael Stone


On Mon, Sep 12, 2022 at 01:47:49PM -0400, Chuck Zmudzinski wrote:

Well, I suppose so, but I am pleased that a grub maintainer is now on the case. 
Still,
there is another Debian bug that affects me that continues to be ignored, so I 
admit
I have an attitude about that. I accept that what is of grave or important 
severity to
me is not necessarily of grave or critical severity to the official Debian 
maintainers
and developers. I wish to merely point out that what is often said about the 
advantages
and disadvantages of free, open-source software that is maintained by 
volunteers is
true:


No, it's a misguided conclusion that isn't supported by facts. I can 
think of any number of bugs in closed source software that aren't fixed. 
The only real difference is this: with open source software you might 
actually be told "I'm not going to prioritize this because I'm a 
volunteer and prefer to do something else", while with propietary 
software the discussion that concludes "this customer isn't important 
enough to require a change in the priority of the request" isn't going 
to be public and all you'll ever be told is that the request is being 
reviewed or somesuch. 

There is an exception that proves the rule, however: if you're a large 
enough customer, paying enough money, you may well get a team of people 
dedicated to implementing whatever you ask for. But here's the 
thing--you can get the same level of service for open source software, 
if you're willing to pay for it. (Not directly from debian, but there 
are consultants/etc that will provide such services.) Your complaint 
really boils down to "I can't get personalized/dedicated support with 
enforceable SLAs for free", which is just as true for proprietary 
software as it is for open source software.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-12 Thread The Wanderer

On 2022-09-12 at 14:50, Chuck Zmudzinski wrote:

> On 9/12/2022 1:58 PM, The Wanderer wrote:
> 
>> On 2022-09-12 at 13:47, Chuck Zmudzinski wrote:

>>> I wish to merely point out that what is often said about the
>>> advantages and disadvantages of free, open-source software that
>>> is maintained by volunteers is true:
>>> 
>>> An advantage is that  the user has full access to the source code
>>> and is free to fix problems if the official releases have
>>> unpatched bugs but this of course costs time and resources
>>> devoted to solving problems that are not fixed promptly in the
>>> official release. A disadvantage is that often the priorities of
>>> the developers who release free, open source software are not
>>> always the same as the priorities of any particular user, so
>>> there is no guarantee that the developers of free, open source
>>> software will ever get around to fixing a problem that might be
>>> causing trouble for some subset of users of the software who very
>>> often just stop using the free, open source software and return
>>> to proprietary software that just works for them without a big
>>> hassle or effort to keep it working well and securely.
>> 
>> I am inclined to dispute one aspect of this characterization.
>> 
>> That which you cite here as a disadvantage is only a disadvantage 
>> (relative to proprietary software) if the proprietary software
>> does, as you say, "just work for them".
>> 
>> It is equally possible (if not more) to find that a given piece of 
>> proprietary software does not meet your needs (because the
>> priorities of its developers, or at least the people who pay them,
>> do not match your priorities).
>> 
>> If that happens, you don't even have the option of falling back to
>> hack the source and run your own version; you're effectively stuck.
>> As I understand matters, that is in fact the reason Free Software
>> was invented in the first place.
>> 
>> With access to the source and appropriate license guaranteeing you
>> the right to modify it (et cetera), if the priorities of the
>> developers don't match yours you do at least have the possibility
>> of going in and fixing it yourself - whether as a patch to go
>> upstream, or a public fork, or even just a local fork. With
>> proprietary software, you don't have that option.
>> 
>> As such, not only is this not a disadvantage unique to Free
>> Software, it's a disadvantage that exists even *worse* with
>> proprietary software.
> 
> I agree OSS that works well is much better than proprietary software,
> because it makes a software solution that works well accessible to
> all the users.

That's not the argument I was making, though. The argument I was making
is that when OSS software (or at least Free Software - FLOSS, if you
want an acronym) doesn't work well, you have the option to fix it,
whereas when proprietary software doesn't work well, you don't have that
option.

> The disadvantage is that in practice, OSS does not always work as
> well and is sometimes more buggy than proprietary software

And sometimes the reverse is true. Or sometimes *both* don't work well.
Or sometimes both *do* work well.

Disadvantage is *relative*; one thing can be at an advantage or
disadvantage over another.

The things you're citing as disadvantages of OSS software are not unique
or exclusive to OSS software; they can happen just as easily and as well
with proprietary software. As such, they are not a disadvantage of OSS
vs. proprietary software; advantages or disadvantages can only manifest
in *differences*.

> when, for example, the developers and maintainers are unwilling or
> unable to fix bugs or add features and the users do not have the
> ability to fix the problems or convince the developers to fix the
> problems,

That happens at least as much with proprietary software. At least with
FLOSS software, you're more likely to have the ability to contact the
developers at all, and the developers are less likely to be subject to
restraints that would prohibit them from making a particular change even
if they wanted to.

The rest of your response is getting into fields I'm not interested in
trying to address at present; my focus in my reply was entirely on the
point of whether or not the things you're alleging are actually a
disadvantage for FLOSS as compared against proprietary software, and the
rest of your points don't seem to address that focus.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw

signature.asc
Description: OpenPGP digital signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/12/2022 1:58 PM, The Wanderer wrote:
> On 2022-09-12 at 13:47, Chuck Zmudzinski wrote:
>
> > On 9/12/2022 12:14 PM, David Wright wrote:
> > 
> >> On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote:
>
> >>> The grub maintainers do not have the time or interest to fix it.
> >>> Perhaps the Xen users could try to convince the Xen maintainers
> >>> to do an nmu to fix it if the grub maintainers continue to ignore
> >>> the bug, but I don't know if that breaks the etiquette that 
> >>> governs such things in the world of Debian developers - I am just
> >>> a Debian user.
> >> 
> >> There seems to be some attitude here.
> > 
> > Well, I suppose so, but I am pleased that a grub maintainer is now on
> > the case. Still, there is another Debian bug that affects me that
> > continues to be ignored, so I admit I have an attitude about that. I
> > accept that what is of grave or important severity to me is not
> > necessarily of grave or critical severity to the official Debian
> > maintainers and developers. I wish to merely point out that what is
> > often said about the advantages and disadvantages of free,
> > open-source software that is maintained by volunteers is true:
> > 
> > An advantage is that  the user has full access to the source code and
> > is free to fix problems if the official releases have unpatched bugs
> > but this of course costs time and resources devoted to solving
> > problems that are not fixed promptly in the official release. A
> > disadvantage is that often the priorities of the developers who
> > release free, open source software are not always the same as the
> > priorities of any particular user, so there is no guarantee that the
> > developers of free, open source software will ever get around to
> > fixing a problem that might be causing trouble for some subset of 
> > users of the software who very often just stop using the free, open
> > source software and return to proprietary software that just works
> > for them without a big hassle or effort to keep it working well and
> > securely.
>
> I am inclined to dispute one aspect of this characterization.
>
> That which you cite here as a disadvantage is only a disadvantage
> (relative to proprietary software) if the proprietary software does, as
> you say, "just work for them".
>
> It is equally possible (if not more) to find that a given piece of
> proprietary software does not meet your needs (because the priorities of
> its developers, or at least the people who pay them, do not match your
> priorities).
>
> If that happens, you don't even have the option of falling back to hack
> the source and run your own version; you're effectively stuck. As I
> understand matters, that is in fact the reason Free Software was
> invented in the first place.
>
> With access to the source and appropriate license guaranteeing you the
> right to modify it (et cetera), if the priorities of the developers
> don't match yours you do at least have the possibility of going in and
> fixing it yourself - whether as a patch to go upstream, or a public
> fork, or even just a local fork. With proprietary software, you don't
> have that option.
>
> As such, not only is this not a disadvantage unique to Free Software,
> it's a disadvantage that exists even *worse* with proprietary software.
>

I agree OSS that works well is much better than proprietary software, because it
makes a software solution that works well accessible to all the users. The 
disadvantage
is that in practice, OSS does not always work as well and is sometimes more 
buggy
than proprietary software when, for example, the developers and maintainers
are unwilling or unable to fix bugs or add features and the users do not have
the ability to fix the problems or convince the developers to fix the problems, 
and
it is especially a problem when the only reason the OSS supporters give for not
fixing problems is: "we are just volunteers." Really good, secure software is 
not
going to come from volunteers who are never required to at least explain why 
they
fail to fix bugs that have a known fix but remain open for an unreasonably long 
time
due to the lack of attention to the bug by the developers and maintainers. 
Unfortunately,
this does happen in Debian, and as long as defenders of OSS continue to say, 
"they are just
volunteers," there will always be a risk that the "volunteers" will be able to 
sabotage the
real goals of OSS software. In the end, though, OSS is probably best because 
those who do
sabotage OSS software eventually get caught precisely because the process of
developing OSS is also open so the malice is eventually discovered by the 
community and
the malicious actors are removed from positions where they can cause harm.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-12 Thread tomas

On Mon, Sep 12, 2022 at 01:47:49PM -0400, Chuck Zmudzinski wrote:

[...]

> [...] A disadvantage is that often the priorities of the developers who 
> release
> free, open source software are not always the same as the priorities of any 
> particular
> user [...]

This might have been different back when the user used to be the paying
customer. That ship has sailed long ago. Even back then, attention was
optimized towards the "biggest subset".

> Megha Verma of medium.com goes so far to say a disadvantage of OSS is that 
> free
> open source software can be misused for malicious purposes, but it would be 
> hard
> to prove what she says is true, but her point is that the way open source 
> projects
> are governed lends itself to possible abuse. This is how she explains it:
> 
> "Open Source Software is accessible to all means it can be used and misused.
> And, that’s where it turns unconstructive for us. With OSS, we can expect 
> harm,
> virus transfer, identity burglary, and many other malicious practices to hurt 
> the
> process." [1]

Aha. That's why the most virus-ridden operating system out there is "open 
source".
Oh, wait...

This is naive.

No. Such simplistic views are just wrong. I'm not saying free software
is immune against malware. Not by a long shot. There are strengths and
weaknesses -- in my eyes, the biggest strength of free software (I much
prefer this spelling to the other, mind you) is the higher average level
of proficiency among their users, something free software fosters by its
very model.

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-12 Thread The Wanderer

On 2022-09-12 at 13:47, Chuck Zmudzinski wrote:

> On 9/12/2022 12:14 PM, David Wright wrote:
> 
>> On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote:

>>> The grub maintainers do not have the time or interest to fix it.
>>> Perhaps the Xen users could try to convince the Xen maintainers
>>> to do an nmu to fix it if the grub maintainers continue to ignore
>>> the bug, but I don't know if that breaks the etiquette that 
>>> governs such things in the world of Debian developers - I am just
>>> a Debian user.
>> 
>> There seems to be some attitude here.
> 
> Well, I suppose so, but I am pleased that a grub maintainer is now on
> the case. Still, there is another Debian bug that affects me that
> continues to be ignored, so I admit I have an attitude about that. I
> accept that what is of grave or important severity to me is not
> necessarily of grave or critical severity to the official Debian
> maintainers and developers. I wish to merely point out that what is
> often said about the advantages and disadvantages of free,
> open-source software that is maintained by volunteers is true:
> 
> An advantage is that  the user has full access to the source code and
> is free to fix problems if the official releases have unpatched bugs
> but this of course costs time and resources devoted to solving
> problems that are not fixed promptly in the official release. A
> disadvantage is that often the priorities of the developers who
> release free, open source software are not always the same as the
> priorities of any particular user, so there is no guarantee that the
> developers of free, open source software will ever get around to
> fixing a problem that might be causing trouble for some subset of 
> users of the software who very often just stop using the free, open
> source software and return to proprietary software that just works
> for them without a big hassle or effort to keep it working well and
> securely.

I am inclined to dispute one aspect of this characterization.

That which you cite here as a disadvantage is only a disadvantage
(relative to proprietary software) if the proprietary software does, as
you say, "just work for them".

It is equally possible (if not more) to find that a given piece of
proprietary software does not meet your needs (because the priorities of
its developers, or at least the people who pay them, do not match your
priorities).

If that happens, you don't even have the option of falling back to hack
the source and run your own version; you're effectively stuck. As I
understand matters, that is in fact the reason Free Software was
invented in the first place.

With access to the source and appropriate license guaranteeing you the
right to modify it (et cetera), if the priorities of the developers
don't match yours you do at least have the possibility of going in and
fixing it yourself - whether as a patch to go upstream, or a public
fork, or even just a local fork. With proprietary software, you don't
have that option.

As such, not only is this not a disadvantage unique to Free Software,
it's a disadvantage that exists even *worse* with proprietary software.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw

signature.asc
Description: OpenPGP digital signature

Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/12/2022 12:14 PM, David Wright wrote:
> On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote:
> > On 9/12/2022 12:55 AM, David Wright wrote:
> > >
> > > I would imagine a fix could follow quite quickly as it only requires
> > > rebuilding with a filename added to a list of files not to have
> > > their symbols stripped (or reverting the compatibility level change).
> > 
> > The patch to fix the bug with the dh_strip override was identified six days 
> > ago
> > in the bug report by a user, yet AFAICT the grub maintainers have not even
> > acknowledged the existence of this bug yet to those who have contributed
> > to the bug report on BTS. So I do not expect a fix very soon.
>
> I don't see why: I see Steve's post from several hours ago.

Sorry, I missed that, Steve is a grub maintainer and now he is looking at the 
bug, and that is a
good and encouraging fact.

>
> > The grub maintainers
> > do not have the time or interest to fix it. Perhaps the Xen users could try 
> > to
> > convince the Xen maintainers to do an nmu to fix it if the grub maintainers
> > continue to ignore the bug, but I don't know if that breaks the etiquette 
> > that
> > governs such things in the world of Debian developers - I am just a Debian 
> > user.
>
> There seems to be some attitude here.

Well, I suppose so, but I am pleased that a grub maintainer is now on the case. 
Still,
there is another Debian bug that affects me that continues to be ignored, so I 
admit
I have an attitude about that. I accept that what is of grave or important 
severity to
me is not necessarily of grave or critical severity to the official Debian 
maintainers
and developers. I wish to merely point out that what is often said about the 
advantages
and disadvantages of free, open-source software that is maintained by 
volunteers is
true:

An advantage is that  the user has full access to the source code and is free 
to fix
problems if the official releases have unpatched bugs but this of course costs 
time
and resources devoted to solving problems that are not fixed promptly in the 
official
release. A disadvantage is that often the priorities of the developers who 
release
free, open source software are not always the same as the priorities of any 
particular
user, so there is no guarantee that the developers of free, open source 
software will
ever get around to fixing a problem that might be causing trouble for some 
subset of
users of the software who very often just stop using the free, open source 
software
and return to proprietary software that just works for them without a big 
hassle or
effort to keep it working well and securely.

Megha Verma of medium.com goes so far to say a disadvantage of OSS is that free
open source software can be misused for malicious purposes, but it would be hard
to prove what she says is true, but her point is that the way open source 
projects
are governed lends itself to possible abuse. This is how she explains it:

"Open Source Software is accessible to all means it can be used and misused.
And, that’s where it turns unconstructive for us. With OSS, we can expect harm,
virus transfer, identity burglary, and many other malicious practices to hurt 
the
process." [1]

I would not go so far to say that is happening in Debian, but I have experienced
the fact that not every bug that is important to my use case will be fixed 
quickly
in Debian, even if I or other users takes the time to find the fix and share it
with the Debian developers. This experience of mine with Debian as a long-time
user of Debian *does* raise suspicion in my mind, and I would not be suspicious
of malicious intent by Debian developers and maintainers if they were more
responsive to some bugs they just ignore for months and even years. I agree
my suspicion does not prove malice, but my suspicion is reasonable when there
are Debian "volunteers" who do work in corporate environments where the
interests of their employer might conflict with the interests of the open source
software projects such as Debian that they contribute to. This is simply a risk 
that
users of Debian software, or of any open source software, should be aware of,
and users should know how to mitigate this risk of malicious activity within
open source software projects like Debian.

So it as a fact that if a person is just a user of Debian and not an official
developer of Debian, there is no guarantee that the use case of that particular
user will receive prompt attention from the official Debian developers. That
is true because Debian developers are just volunteers and not liable for any
problems the software they release might cause to those who use Debian
software. That is a *big disadvantage* of open source software.

Best regards,

Chuck

[1] 
https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413

Re: Package grub-xen-host breaks PV domains with 11.5 point release

2022-09-12 Thread David Wright

On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote:
> On 9/12/2022 12:55 AM, David Wright wrote:
> > On Mon 12 Sep 2022 at 01:15:47 (+0200), Tom Lew wrote:
> > > This is my first post, bear with me..
> > > 
> > > Package "grub-xen-host" shipped with point release 11.5 broke all PV
> > > domains on my Xen server, after "apt upgrade" from 11.4.
> > > 
> > > I found https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017944
> > > exactly mirroring my situation, and I wonder whether this can be fixed
> > > for other users in any (fast) way, upfront other users doing apt
> > > upgrade on their Xen hosts?
> > > 
> > > My workaround for this ATM: install and pin previous grub-xen-host
> > > (grub-xen-host_2.04-20_amd64.deb, grub-xen-bin_2.04-20_amd64.deb,
> > > grub-common_2.04-20_amd64.deb). Probably the wrong way to fix it, but
> > > works for me so far(TM).
> > > 
> > > In case this should be reported or added to something somewhere,
> > > please let me (a Debian bug reporting newbie) know.
> >
> > I would imagine a fix could follow quite quickly as it only requires
> > rebuilding with a filename added to a list of files not to have
> > their symbols stripped (or reverting the compatibility level change).
> 
> The patch to fix the bug with the dh_strip override was identified six days 
> ago
> in the bug report by a user, yet AFAICT the grub maintainers have not even
> acknowledged the existence of this bug yet to those who have contributed
> to the bug report on BTS. So I do not expect a fix very soon.

I don't see why: I see Steve's post from several hours ago.

> The grub maintainers
> do not have the time or interest to fix it. Perhaps the Xen users could try to
> convince the Xen maintainers to do an nmu to fix it if the grub maintainers
> continue to ignore the bug, but I don't know if that breaks the etiquette that
> governs such things in the world of Debian developers - I am just a Debian 
> user.

There seems to be some attitude here.

> > AFAICT apt-listbugs would have reported this to you before
> > the upgrade of grub-xen-host took place, as someone had reported
> > it on 22 Aug. So it might be worth installing apt-listbugs.

Cheers,
David.

Re: Package grub-xen-host breaks PV domains with 11.5 point release