[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] Open accounting and Open source

On April 28, 2003 01:08 am, you wrote:
> On Mon, Apr 28, 2003 at 12:13:28AM -0400, Gilles Pelletier wrote:
> > > Issues I have never seen addressed in any other forum... I like
> > > Knoppix even more now and I haven't even burnt the current ISO
> > > to CD yet !
> >
> > Wait till you do. You're in for a surprise.
> Realy? Did I miss an error?

:) I meant "in for a stupendous surprise". I find you're doing a 
wonderful job at maintaining your distro. You're really conciencious, 
attentive to all the little details that Volkerding, for instance, 
considers better left to his users for their "learning enjoyment" :)

But I sometimes wonders if this eagerness can last for 10, 20 years. 
Maybe it would be a good thing to have some kind of light-weight 
non-obstrusive structure in place.

> > As knoppixfr.org and knoppix.net were already online, Klaus
> > decided to register knoppix.com (Maybe .org would have been more
> > appropriate?)
> Er... I did not register a knoppix.com domain. And neither
> knoppix.org.

Yeah, I just checked when Eaden told me. And I also suppose you don't 
know any of those two "people" (see how strange the entry for 
knoppix.org is: http://www.whois.net/whois.cgi2?d=knoppix.org ). 

If so, it seems to me like a worst case scenario, which I hadn't 
envisioned. (I wouldn't have thought registrars permitted such a 
crocked hijacking.)

What this means is that people will start making their links to 
knoppix.com for the english version and knopper.net for the german 
version thinking, just as I did, that the domain names are that of 
the Knoppix distro. (I mean, who has ever heard of Knopper? Not me! 

One fine day, in three months or three years, just as Knoppix is 
making great strides, the domain-links might just disappear or point 
to a porno page instead. I would be very surprised if anybody asked 
for money from you to get the names back...

I suppose it wouldn't be the end of knoppix, but it's not a reassuring 
situation. The way I see things, of course. What's your POV?

> > I also suppose there are reasons why knoppix.net doesn't use the
> > distro's default background anymore.
> I don't know. I didn't register knoppix.net either. That's Eaden's
> playground, and a good one, btw. :-)

Yeah! Too bad "one" of his readers thought his page was hard to read 
with the distro's jpg: despite the little note about the officail 
website, you would have had a pretty official looking site for sure.

So now, com, org and net are not yours. And you don't mind?

> > This basic organisation is needed even for open source. Now comes
> > a new concern: security. From what I could gather, it's not
> > optimum for understandable reasons. Still, I believe it must be
> > adressed.
> >
> > Of course, nobody here gives a damn about a security hole with
> > ghostscript in KDE while opening pdf file.
> Well, I do. But I just can't rebuild KDE from source to fix errors
> that should be fixed by the genuine maintainers who are way better
> at building Debian packages than I am. 

I understand this. But it's just that building packages for unstable 
doesn't seem a priority at Debian's. And maybe rightly so, I don't 
know. But it does cause a problem with Knoppix.

> I'm not even sure if the
> ghostscript problem is really present in the current unstable
> debian packages, has anybody tried an exploit?

It seems that if you don't offer KDE 3.1.1a, you have the problem. 
Maybe it's not necessary to wait for exploits?

> > The hell! You just don't
> > open untrusted pdf files, and that's it.
> Not a good solution.

I agree. But it seems like the only solution for Knoppix right now.

> > The problem is if you starr distributing Knoppix CD to you family
> > and friends, people who have never seen an extension on their
> > Windows system, never heard about security fixes, someday, you're
> > bound to have problems. And it will be no use explaining why the
> > problem happened, it will be bad for business, even though it's
> > open source business. So, if the is a problem, it must be
> > addressed.
> >
> > How, is the question. Let's move on.
> Well, any solutions yet?

The only solution I see for now, unless Debian wants to give a higher 
priority to upgrading unstable, is trying to get some money and have 
somebody do the job.

Maybe it's not a good solution but I can't think of any other for now.


Gilles Pelletier
La Masse critique
Le sionisme
debian-knoppix mailing list

Reply to: