1 |
"Hemmann, Volker Armin" <volker.armin.hemmann@××××××××××××.de> posted |
2 |
200701181712.53640.volker.armin.hemmann@××××××××××××.de, excerpted below, |
3 |
on Thu, 18 Jan 2007 17:12:53 +0100: |
4 |
|
5 |
> So much text from you, but where is the 'I was wrong, sorry'? |
6 |
> |
7 |
> Even if nvidia should have recognized the bug as a serious problem the |
8 |
> moment it was reported, they delivered the bugfix in 3 month, 3 days |
9 |
> after they got informed that it was security problem. And they did not |
10 |
> 'cover it up'. |
11 |
|
12 |
If I am demonstrated to be wrong, I say it, but it hasn't happened here. |
13 |
It WAS a security vuln, and as any such unhandled crash from native code, |
14 |
they should have treated it as a potential security vuln from the moment |
15 |
the found it until it was fixed or proven otherwise. |
16 |
|
17 |
As for time to a fix, the point is, regardless of how long it actually |
18 |
took, if the software master (see the sig) has respect for his users and |
19 |
makes source available, any user can either create a fix or arrange for it |
20 |
to be created. As it happens, in something that widely used, precisely |
21 |
/because/ the source is available, a decent share of such bugs (which we |
22 |
both agree happen in all non-trivial software) in the FLOSS community are |
23 |
fixed in rather LESS than "three months, three days". However, that's |
24 |
beside the point, since any user of such software who thinks such bugs |
25 |
aren't being turned around in a timely enough manner can arrange for a fix |
26 |
themselves, or simply apply a patch if someone else has already done so. |
27 |
Since it was slaveryware, that option wasn't available and a slave subject |
28 |
to master NVidia's whims and decisions on timing, unable to take their own |
29 |
needs and priorities into consideration and arrange for a fix sooner if |
30 |
they thought necessary, is /exactly/ what the users were. |
31 |
|
32 |
What if NVidia had taken a year to come out with a fix? What if they |
33 |
decided it wasn't worth their trouble and never came out with a fix? If |
34 |
it's Free software, there's an alternative, should the user wish to avail |
35 |
themselves if it. With slaveryware, that's exactly what the user is, a |
36 |
slave to the whims of the software's master. I make it a point to no |
37 |
longer be a slave to the whims of the masters of the code I run. That |
38 |
doesn't mean you have to, it just means I do. |
39 |
|
40 |
As for using the term slaveryware in my posts... You don't tell me how I |
41 |
feel about the software I believe is slaveryware and label it so in my |
42 |
posts, and I'll not insist you call it slaveryware in yours. After all, |
43 |
if you find my choice of terms offensive, you don't /have/ to read them. |
44 |
There /is/ this thing called a killfile, should you find it necessary to |
45 |
use. Call it heavenlyware in yours if you wish. Deal? =8^) |
46 |
|
47 |
(Oh, and backing someone into a corner by demanding an apology doesn't |
48 |
tend to be a very effective way of actually getting one. Let's not make |
49 |
this too personal, and agree that we /can/ disagree. It's not as if the |
50 |
world comes to an end because of it, after all. =8^) |
51 |
|
52 |
-- |
53 |
Duncan - List replies preferred. No HTML msgs. |
54 |
"Every nonfree program has a lord, a master -- |
55 |
and if you use the program, he is your master." Richard Stallman |
56 |
|
57 |
-- |
58 |
gentoo-amd64@g.o mailing list |