[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] Open accounting and Open source



On Sun, Apr 27, 2003 at 12:26:56AM -0400, Gilles Pelletier wrote:
> Recently I expressed concern about Knoppix's security because, since 
> it's based on testing and unstable, security fixes often come out 
> late. I was told that such was the deal: either you go into the pains 
> of installing Debian and you have a secure system or you install 
> Knoppix and you your system is... well, not so secure.
> 
> Of course, if one intends to use Knoppix for the purpose it was 
> designed -- i.e. as a Live-CD to pick up mail on a trip or to fix a 
> broken down computer, etc. -- security is no concern. But since I had 
> the project to offer people to install Knoppix on their computer for 
> daily use, I've since had the worried times blues. Isn't there a way 
> around this that would benefit both Knoppix and Debian?
> 
> Some people have already asked Klaus -- well, I certainly did -- if 
> there was a way they could financially contribute to Knoppix. Klaus 
> answered that the best way was to send the money to Debian. I don't 
> agree with this.
> 
> Debian already receives some money though a company they've set up 
> called "Software in the Public Interest, Inc." It seems to cather not 
> only to Debian, but also to Fresco, GNOME -- GNOME, hear this 
> Klaus!!!! :) -- LSB, OFTC, Open Source (.org) and GNU TeXmacs. How 
> much, in what proportion, God knows.


  SPI is not a company, but a non-profit organization as it's stated at
 spi-inc.org main page.

  If your donation is earmarked for Debian, all the money goes to
  Debian. Anyway, I have CC'ed spi-general list so proper people can
  answer you this better (Branden?)

 
> What we do know is that, though Debian has hundreds of developpers, it 
> seems none of them found that devising a decent installation program 
> was an endeavour worth undertaking. If Klaus Knopper wasn't born, the 
> world would still be stuck with the fucked up Debian script for 
> installation. 


  What's the problem with Debian's installation? It works quite well for
  almost all people if you follow default steps. Anyway, FYI, a new
  debian-installation system is being worked on. If you feel that Debian
  needs a better (I suppose GUI based) installation system, your
  contribution is welcomed.

  And as I see, Knoppix doesn't "install" but copies a yet installed
  system into your hard disk, which is a bit different concept.

> 
> Upgrading packages is not a project apt to bring the author's name to 
> the forefront. So people prefer to work on HURD or whatever. So I 
> doubt that even money sent to Software... Inc. will bring the 
> security fixes any faster.


  Debian is made by volunteers, which focus on whatever they have
  interest on. And people working in security are also volunteers which
  have their lifes. If you want, you can contribute yourself or pay some
  developers to work in security.
  
> 
> It seems some things at Debian just won't move. During all his 
> leadership, Ben Collins has tried to make "ready when it's ready" a 
> wee bit earlier. He never succeeded.


  Debian releases will be done when they're ready. If you need the new
  bleeding edge latest software, you can use testing or unstable.

> 
> I understand Klaus wants to keep Knoppix a geeks' project, not a 
> business undertaking. He doesn't want to have anything to do with 
> finance and end up, as is almost always the case, with his nose in 
> the great book instead of in programs. He's competent enough to ask 
> good wages and can gather enough money to make a living AND continue 
> to have fun with Knoppix.
> 
> Still, wouldn't it be great to have somebody paid to bring security 
> fixes out asap? Wouldn't it get things moving faster at Debian too? 
> Wouldn't this way of contributing to Knoppix also be a contribution 
> to Debian worth so much more than sending the money directly?


  As I told you, you can pay somebody directly to work on Debian
  security fixes. Why is better to direct the money to Knoppix instead?
  
  I'm not against Knoppix receiving money if it needs it and will use it
  to improve the system, but I'm trying to show that there are other
  ways to make it productive.

-- 
  Jose Carlos Garcia Sogo
     jsogo@debian.org

Attachment: pgpwQYqIVVkVV.pgp
Description: PGP signature


Reply to: