Daniel Shahaf wrote on Mon, 17 Jan 2022 10:24 +00:00:
> It's simply a cache invalidation problem. It has nothing to do with
> open source (either the class of licenses or the software development
> paradigm).
And if you need definitions for these (need editing):
- Open source (class of license) — a class of copyright licenses that
enable providing software to anyone gratis, with permission to
modify/redistribute, without any warranty. Example: the MIT
license.
Why is this a thing?
+ Because the cost of sharing the code is zero. Even when commercial
actors are involved, the cost of sharing the code is zero or
negative, since prospective clients are more willing to pay for
support/customization/* for code if they can audit that code
themselves and need not fear vendor lock-in. Also, one benefits
from bugfixes written by others, etc.
+ Because open source solutions scale both up and down. Someone who's
just starting with computers might use Linux or BSD because they're
available gratis. If that person then has to manage a thousand
servers, they will naturally go for Linux or BSD, because that's
what they already know… and it turns out Linux and BSD are up
to the task.
+ For technical reasons [some major programming languages make it
a lot easier to distribute source code than to distribute bytecode or
native executables; also, don't have to provide binaries for every
CPU architecture someone might use; etc.]
Extra reading: tldrlegal, choosealicense, Open Source Definition,
DFSG, producingoss, Kerckhoffs' principle.
- Open source (development methodology) — a collaboration paradigm
characterized by engineer-to-engineer collaboration open for anyone to
constructively participate in. Commercial interests are usually
checked in at the door. This reduces duplication of effort and
allows experts to pool their expertises [sic].
Extra reading: producingoss; [Apache Way docs]; ...
But again, in the end, the problem isn't specific to open source.
I guess log4j was more popular than the closed-source alternatives
to it, but that doesn't make the problem a problem of open source.
https://en.wikipedia.org/wiki/Association_fallacy