| 1 |
"Hemmann, Volker Armin" <volker.armin.hemmann@××××××××××××.de> posted |
| 2 |
200701181712.53640.volker.armin.hemmann@××××××××××××.de, excerpted below, |
| 3 |
on Thu, 18 Jan 2007 17:12:53 +0100: |
| 4 |
|
| 5 |
> So much text from you, but where is the 'I was wrong, sorry'? |
| 6 |
> |
| 7 |
> Even if nvidia should have recognized the bug as a serious problem the |
| 8 |
> moment it was reported, they delivered the bugfix in 3 month, 3 days |
| 9 |
> after they got informed that it was security problem. And they did not |
| 10 |
> 'cover it up'. |
| 11 |
|
| 12 |
If I am demonstrated to be wrong, I say it, but it hasn't happened here. |
| 13 |
It WAS a security vuln, and as any such unhandled crash from native code, |
| 14 |
they should have treated it as a potential security vuln from the moment |
| 15 |
the found it until it was fixed or proven otherwise. |
| 16 |
|
| 17 |
As for time to a fix, the point is, regardless of how long it actually |
| 18 |
took, if the software master (see the sig) has respect for his users and |
| 19 |
makes source available, any user can either create a fix or arrange for it |
| 20 |
to be created. As it happens, in something that widely used, precisely |
| 21 |
/because/ the source is available, a decent share of such bugs (which we |
| 22 |
both agree happen in all non-trivial software) in the FLOSS community are |
| 23 |
fixed in rather LESS than "three months, three days". However, that's |
| 24 |
beside the point, since any user of such software who thinks such bugs |
| 25 |
aren't being turned around in a timely enough manner can arrange for a fix |
| 26 |
themselves, or simply apply a patch if someone else has already done so. |
| 27 |
Since it was slaveryware, that option wasn't available and a slave subject |
| 28 |
to master NVidia's whims and decisions on timing, unable to take their own |
| 29 |
needs and priorities into consideration and arrange for a fix sooner if |
| 30 |
they thought necessary, is /exactly/ what the users were. |
| 31 |
|
| 32 |
What if NVidia had taken a year to come out with a fix? What if they |
| 33 |
decided it wasn't worth their trouble and never came out with a fix? If |
| 34 |
it's Free software, there's an alternative, should the user wish to avail |
| 35 |
themselves if it. With slaveryware, that's exactly what the user is, a |
| 36 |
slave to the whims of the software's master. I make it a point to no |
| 37 |
longer be a slave to the whims of the masters of the code I run. That |
| 38 |
doesn't mean you have to, it just means I do. |
| 39 |
|
| 40 |
As for using the term slaveryware in my posts... You don't tell me how I |
| 41 |
feel about the software I believe is slaveryware and label it so in my |
| 42 |
posts, and I'll not insist you call it slaveryware in yours. After all, |
| 43 |
if you find my choice of terms offensive, you don't /have/ to read them. |
| 44 |
There /is/ this thing called a killfile, should you find it necessary to |
| 45 |
use. Call it heavenlyware in yours if you wish. Deal? =8^) |
| 46 |
|
| 47 |
(Oh, and backing someone into a corner by demanding an apology doesn't |
| 48 |
tend to be a very effective way of actually getting one. Let's not make |
| 49 |
this too personal, and agree that we /can/ disagree. It's not as if the |
| 50 |
world comes to an end because of it, after all. =8^) |
| 51 |
|
| 52 |
-- |
| 53 |
Duncan - List replies preferred. No HTML msgs. |
| 54 |
"Every nonfree program has a lord, a master -- |
| 55 |
and if you use the program, he is your master." Richard Stallman |
| 56 |
|
| 57 |
-- |
| 58 |
gentoo-amd64@g.o mailing list |
Archives