openssl issue

Luc Bouchard luc at luker.on.ca
Fri Mar 19 02:00:03 UTC 2004


On Thu, 2004-03-18 at 19:59, Swamper wrote:
> I'd say he was helping out by bringing up such an important
> issue.  Are you speaking for the Fedora Project and Redhat with
> your "no more free lunch" remark?  I don't think so.  Anyone who
> installs Fedora is helping out, in my opinion, especially those
> who are running the development core.

I would disagree, commenting on not having a security update the day
after the official vulnerability is announced isn't what I would call
helping out.  The project released the update for testing today, someone
who wanted to help out would test the release.

I'm still waiting for sunfreeware.com to put out an update for our
Solaris 9 boxes.  Should I go on their mailing list and give them hell. 
No that doesn't accomplish anything.  I'm not paying for their service,
therefore I don't have the right to bitch at them.  Same goes for the
Fedora Project.  This is not a for-profit company. IMHO the OP came
across as someone bitching because a FREE product that is not targeted
at production systems was not putting out security updates as quickly as
possible.  There is a price to pay for everything in life, and the price
we pay with FCx is that maybe we won't be getting updates as quickly as
we did in the past.

The no free lunch comment was about more than just Redhat and Fedora. 
It's really about the whole open source movement.  Almost all of the big
projects have now some form of commercial product, e.g. sendmail, MySQL,
Postgresql, Redhat, Suse, and so on.  They only way we will be able to
continue enjoying these platforms is if commercial users paid some money
to help support the products.  All of our Redhat boxes at work are paid
for, this lets me have a platform to play with at home.  If no one paid
for these things, how long do you think the products would last?

<snip>
> Since this was brought up in this forum, this would be
> the appropriate place for that.  A simple, "Hell no we wouldn't
> do something like that" would do.  Personally, I doubt that
<snip>

You are absolutely right, the Fedora project needs much better
documentation and communication on their website.  Someone does need to
make a comment about when we should expect security updates.  But I for
one will not be raising the alarm if it takes a few days to get them out
for this platform.

Luc Bouchard





More information about the fedora-list mailing list