A few weeks ago I read that someone had found an exploit to become root on local Linux systems because of a kernel issue.
The bug was fixed quickly, but maybe not quickly enough to prevent someone, evil or not (me included), from exploiting it on an exposed machine.
We can find that kind of issue on every system, whether it is free or not, but the question is: is it a good thing to release so quickly, or to be so open at every step of development that everyone can know what is going badly (or well) at every moment?
In The Cathedral and the Bazaar you can read that "Linus Torvalds's style of development is to release early and often, delegate everything you can, be open to the point of promiscuity". But maybe that "promiscuity" means a lack of security. As with sex, more people can mean more fun, but not more security.
When you are developing software in an office, for a company, you use private channels to communicate with your colleagues. But when you are developing for everyone who wants to use your software, and you are not doing it alone, you have to use global and public channels.
That is, for me, one of the weak points of global development of free software. Maybe if developer coordination changed and new versions were released only when they are really stable, this weak point would be "fixed" in the development process itself.
1 comment:
Hi Arturo!
Nice post and better photo!!!
From my point of view, the development in free software is very secure for that reason.
I'll explain myself. When you develop an app there are different statuses. If something is in the unstable branch it is probably because the app is still an alpha or beta release, so it is being tested and nobody can guarantee the security of that code.
Later, that app will stay for a long time in the testing branch. This means that the app still has bugs, but fewer than before. The community will read the code and help you solve all those bugs (as it always does :).
And finally, the app will be stable. This doesn't mean that it's rock solid and has no bugs. But at least this will not occur very often, and you can still submit updates for the stable app in order to solve these kinds of situations.
I think if someone or a company wants to use your app, probably they will have a look at the security of it and will help you improve it.
Another good thing about having the source available is that as soon as someone warns of a problem, a lot of people look for a solution and submit it very fast, so everybody can download it, install it and be safe again ;) . We don't have to wait a month for a little bugfix.
Anyway, it's only my opinion.
Bye!