Re: DSA 438 - bad server time, bad kernel version or information delayed?

[Florian Weimer <fw@deneb.enyo.de>]

Matt Zimmerman wrote:

> Note the "affordable, off-the-shelf".

Matt, Debian is also sold on shelves.

> The implication being that if you pay more to a proprietary software
> vendor (and they typically are more expensive), then you'll be better
> off security-wise.

If you pay someone for the increased development costs, you might be
better off.  From a cost perspective, it doesn't matter much if the end
result is free software or not, someone has just to be willing to invest
the increased effort per line of code.  (Personally, I don't know of any
proprietary software vendor who did this voluntarily, but some free
software developers did.)

Development costs of average proprietary and free software don't differ
radically because the methods are pretty much the same.  The huge
difference lies in the way the developers try to recoup their costs, not
in the costs they have to compensate.