openssl issue

Fri Mar 19 03:29:41 UTC 2004

Luc Bouchard wrote:

> On Thu, 2004-03-18 at 19:59, Swamper wrote:
> > I'd say he was helping out by bringing up such an important
> > issue.  Are you speaking for the Fedora Project and Redhat with
> > your "no more free lunch" remark?  I don't think so.  Anyone who
> > installs Fedora is helping out, in my opinion, especially those
> > who are running the development core.
> 
> I would disagree, commenting on not having a security update the day
> after the official vulnerability is announced isn't what I would call
> helping out.  The project released the update for testing today, someone
> who wanted to help out would test the release.
> 
> I'm still waiting for sunfreeware.com to put out an update for our
> Solaris 9 boxes.  Should I go on their mailing list and give them hell. 
> No that doesn't accomplish anything.  I'm not paying for their service,
> therefore I don't have the right to bitch at them.  Same goes for the
> Fedora Project.  This is not a for-profit company. IMHO the OP came
> across as someone bitching because a FREE product that is not targeted
> at production systems was not putting out security updates as quickly as
> possible.  There is a price to pay for everything in life, and the price
> we pay with FCx is that maybe we won't be getting updates as quickly as
> we did in the past.

I don't know; I figure it is our duty to bitch while testing
this stuff.  Some people have it down to an art.  You gotta
admire them for that.

> The no free lunch comment was about more than just Redhat and Fedora. 
> It's really about the whole open source movement.  Almost all of the big
> projects have now some form of commercial product, e.g. sendmail, MySQL,
> Postgresql, Redhat, Suse, and so on.  They only way we will be able to
> continue enjoying these platforms is if commercial users paid some money
> to help support the products.  All of our Redhat boxes at work are paid
> for, this lets me have a platform to play with at home.  If no one paid
> for these things, how long do you think the products would last?

Redhat is doing fine; we don't need to worry about them going
hungry.  It was Redhat that made Linus a multi-millionaire
afterall.

> <snip>
> > Since this was brought up in this forum, this would be
> > the appropriate place for that.  A simple, "Hell no we wouldn't
> > do something like that" would do.  Personally, I doubt that
> <snip>
> 
> You are absolutely right, the Fedora project needs much better
> documentation and communication on their website.  Someone does need to
> make a comment about when we should expect security updates.  But I for
> one will not be raising the alarm if it takes a few days to get them out
> for this platform.

The bitch was more about if the delay was intentional.  I'm not
doing anything critical with my setup; just a private little web
site and message board.  I don't mind waiting for updates with
development software but if it was by design then that's a whole
different matter.