On Sun, Jan 16, 2022 at 22:27, Sam Ruby <[email protected]> wrote:
>
> On Sun, Jan 16, 2022 at 1:49 PM Dominik Psenner <[email protected]> wrote:
>
> > I have no intention to tear apart the document. I am dealing with non
> > technical fellows on a daily basis and from my experience the document
> > is still too technical.
> >
>
> That's what I was afraid of, and what I very much want to fix.

From [1]:
---CUT---
Log4j is a chunk of laptop code that builders can put into purposes to watch, or “log”, something from mundane operations to vital alerts. Those detailed logs may also help programmers debug software and is used by tens of millions of purposes.
---CUT---

How much less technical can it be?

>> [...]
>
> I actually don't think we go there. Essentially there is a recall on a
> thingamabob. Most people don't know how cars work either, but when they
> get a recall, they take it in to get fixed.

The people who don't know how cars work are not the people who get to decide when a safety recall is warranted.
I'm confused about what can be undertaken by an audience that does not understand what "code" means in this context.

> What's different here is that
> it is not just one model or even make of a car that is getting recalled,
> but rather a large number of different manufacturers that are affected.
> And they are wondering why this is,

As noted in the quote above: The component provides a functionality that can be plugged in any software.

> and want to make sure that it doesn't
> happen again.

In Log4j, or in any open source software, or in any software?

> > [...]
>
> Unfortunately, I don't know of a good analogy for open source.

Doesn't the focus on "open source" entertain an a priori that it increases the risk of vulnerabilities (while it can be construed that it rather increases the likelihood that vulnerabilities are discovered before they can be exploited)?

Regards,
Gilles

[1] https://mywinet.com/some-federal-systems-affected-by-software-flaw-us-official-says/
