Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Linus Torvalds <torvalds <at> linux-foundation.org>
Subject: Re: Shouldn't distros and ISVs ensure that security updates get deployed promptly?
Newsgroups: gmane.comp.desktop.architects
Date: Wednesday 4th February 2009 16:50:54 UTC (over 8 years ago)
On Wed, 4 Feb 2009, Mike Hearn wrote:
>
> > The fact that you even _think_ you should be that trustworthy is
totally
> > irrelevant, and somewhat scary.
> 
> Dan is talking from the perspective of the people writing the software
> in question. They are the most qualified to understand the severity
> and impact of a bug. So your point makes no sense.

And you are _completely_ wrong.

The people writing the software are the _least_ objective, and the fact 
that you don't understand/acknowledge that only shows that you have no 
friggin' clue.

Yes, they may "technically" be the people with the most information, but 
they are also the ones furthest removed from actual users - by definition. 
And they are also the ones that are most emotionally (and often 
financially) tied to things like "newest version".

There are _lots_ of examples of software people deciding to leave an old 
version behind, despite the fact that essentially all users want to use 
it. And yes, there are examples of those software people not doing 
security fixes to the old version, because they want to "encourage" their 
users to go to the new-and-improved version.

The fact that you don't see that as a problem just means that you should 
not have _anything_ to do with the upgrade path.

Sorry, but this is not just some theoretical thing. You're wrong. You're 
_seriously_ wrong.

			Linus

PS. That's not even mentioning all the issues which you can get with 
commercial software, where there are pressures from other vendors and/or 
your own financial side to perhaps even _degrade_ the functionality of the 
software, and then call it a "security fix". Don't tell me that doesn't 
happen. Look at Apple. It happens ALL THE TIME.
 
CD: 3ms