On 4/21/07, George Herbert <george.herbert@gmail.com> wrote:
On 4/20/07, Tony Sidaway <tonysidaway@gmail.com> wrote:
Let's describe this "risk of attacks" to an "open source project" in more realistic terms: real harm done to real people on a daily basis. This isn't a bit of code that we can assign a "no warrantees" disclaimer on. We have to take the damage very seriously.
And Linus Torvalds doesn't? A vulnerability snuck into Linux today would potentially affect half the servers on the Internet. A vulnerability snuck into Apache would affect a vast majority of the websites on the Internet. MySQL and PostgreSQL? Perl? Billions of dollars are at stake with those. Not being personally responsible for the goof wouldn't make the horrific consequences go away.
Quite. But look what the lkml is doing about it. Compared to them, we're still *literally* doing the equivalent of letting anybody commit to the main release tree and then umming-and-ahing about whether we'll take bug reports seriously and, you know, actually remove components that are causing damage.