Re: [debian-knoppix] Open accounting and Open source
On April 28, 2003 01:08 am, you wrote:
> On Mon, Apr 28, 2003 at 12:13:28AM -0400, Gilles Pelletier wrote:
> > > Issues I have never seen addressed in any other forum... I like
> > > Knoppix even more now and I haven't even burnt the current ISO
> > > to CD yet !
> > Wait till you do. You're in for a surprise.
> Realy? Did I miss an error?
:) I meant "in for a stupendous surprise". I find you're doing a
wonderful job at maintaining your distro. You're really conciencious,
attentive to all the little details that Volkerding, for instance,
considers better left to his users for their "learning enjoyment" :)
But I sometimes wonders if this eagerness can last for 10, 20 years.
Maybe it would be a good thing to have some kind of light-weight
non-obstrusive structure in place.
> > As knoppixfr.org and knoppix.net were already online, Klaus
> > decided to register knoppix.com (Maybe .org would have been more
> > appropriate?)
> Er... I did not register a knoppix.com domain. And neither
Yeah, I just checked when Eaden told me. And I also suppose you don't
know any of those two "people" (see how strange the entry for
knoppix.org is: http://www.whois.net/whois.cgi2?d=knoppix.org ).
If so, it seems to me like a worst case scenario, which I hadn't
envisioned. (I wouldn't have thought registrars permitted such a
What this means is that people will start making their links to
knoppix.com for the english version and knopper.net for the german
version thinking, just as I did, that the domain names are that of
the Knoppix distro. (I mean, who has ever heard of Knopper? Not me!
One fine day, in three months or three years, just as Knoppix is
making great strides, the domain-links might just disappear or point
to a porno page instead. I would be very surprised if anybody asked
for money from you to get the names back...
I suppose it wouldn't be the end of knoppix, but it's not a reassuring
situation. The way I see things, of course. What's your POV?
> > I also suppose there are reasons why knoppix.net doesn't use the
> > distro's default background anymore.
> I don't know. I didn't register knoppix.net either. That's Eaden's
> playground, and a good one, btw. :-)
Yeah! Too bad "one" of his readers thought his page was hard to read
with the distro's jpg: despite the little note about the officail
website, you would have had a pretty official looking site for sure.
So now, com, org and net are not yours. And you don't mind?
> > This basic organisation is needed even for open source. Now comes
> > a new concern: security. From what I could gather, it's not
> > optimum for understandable reasons. Still, I believe it must be
> > adressed.
> > Of course, nobody here gives a damn about a security hole with
> > ghostscript in KDE while opening pdf file.
> Well, I do. But I just can't rebuild KDE from source to fix errors
> that should be fixed by the genuine maintainers who are way better
> at building Debian packages than I am.
I understand this. But it's just that building packages for unstable
doesn't seem a priority at Debian's. And maybe rightly so, I don't
know. But it does cause a problem with Knoppix.
> I'm not even sure if the
> ghostscript problem is really present in the current unstable
> debian packages, has anybody tried an exploit?
It seems that if you don't offer KDE 3.1.1a, you have the problem.
Maybe it's not necessary to wait for exploits?
> > The hell! You just don't
> > open untrusted pdf files, and that's it.
> Not a good solution.
I agree. But it seems like the only solution for Knoppix right now.
> > The problem is if you starr distributing Knoppix CD to you family
> > and friends, people who have never seen an extension on their
> > Windows system, never heard about security fixes, someday, you're
> > bound to have problems. And it will be no use explaining why the
> > problem happened, it will be bad for business, even though it's
> > open source business. So, if the is a problem, it must be
> > addressed.
> > How, is the question. Let's move on.
> Well, any solutions yet?
The only solution I see for now, unless Debian wants to give a higher
priority to upgrading unstable, is trying to get some money and have
somebody do the job.
Maybe it's not a good solution but I can't think of any other for now.
La Masse critique
debian-knoppix mailing list