Subject: Re: Shouldn't distros and ISVs ensure that security updates get deployed promptly?
Date: Wednesday 4th February 2009 16:50:54 UTC (over 8 years ago)
On Wed, 4 Feb 2009, Mike Hearn wrote:
>
> > The fact that you even _think_ you should be that trustworthy is totally
> > irrelevant, and somewhat scary.
>
> Dan is talking from the perspective of the people writing the software
> in question. They are the most qualified to understand the severity
> and impact of a bug. So your point makes no sense.

And you are _completely_ wrong.

The people writing the software are the _least_ objective, and the fact that you don't understand/acknowledge that only shows that you have no friggin' clue.

Yes, they may "technically" be the people with the most information, but they are also the ones furthest removed from actual users - by definition. And they are also the ones that are most emotionally (and often financially) tied to things like "newest version".

There are _lots_ of examples of software people deciding to leave an old version behind, despite the fact that essentially all users want to use it. And yes, there are examples of those software people not doing security fixes to the old version, because they want to "encourage" their users to go to the new-and-improved version.

The fact that you don't see that as a problem just means that you should not have _anything_ to do with the upgrade path.

Sorry, but this is not just some theoretical thing. You're wrong. You're _seriously_ wrong.

Linus

PS. That's not even mentioning all the issues which you can get with commercial software, where there are pressures from other vendors and/or your own financial side to perhaps even _degrade_ the functionality of the software, and then call it a "security fix".

Don't tell me that doesn't happen. Look at Apple. It happens ALL THE TIME.