
Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)



On 9/12/2022 12:14 PM, David Wright wrote:
> On Mon 12 Sep 2022 at 11:13:52 (-0400), Chuck Zmudzinski wrote:
> > On 9/12/2022 12:55 AM, David Wright wrote:
> > >
> > > I would imagine a fix could follow quite quickly as it only requires
> > > rebuilding with a filename added to a list of files not to have
> > > their symbols stripped (or reverting the compatibility level change).
> > 
> > The patch to fix the bug with the dh_strip override was identified six days ago
> > in the bug report by a user, yet AFAICT the grub maintainers have not even
> > acknowledged the existence of this bug yet to those who have contributed
> > to the bug report on BTS. So I do not expect a fix very soon.
>
> I don't see why: I see Steve's post from several hours ago.

Sorry, I missed that. Steve is a grub maintainer and now he is looking at the bug, and that is a
good and encouraging fact.

>
> > The grub maintainers
> > do not have the time or interest to fix it. Perhaps the Xen users could try to
> > convince the Xen maintainers to do an nmu to fix it if the grub maintainers
> > continue to ignore the bug, but I don't know if that breaks the etiquette that
> > governs such things in the world of Debian developers - I am just a Debian user.
>
> There seems to be some attitude here.

Well, I suppose so, but I am pleased that a grub maintainer is now on the case. Still,
there is another Debian bug that affects me that continues to be ignored, so I admit
I have an attitude about that. I accept that what is of grave or important severity to
me is not necessarily of grave or critical severity to the official Debian maintainers
and developers. I wish to merely point out that what is often said about the advantages
and disadvantages of free, open-source software that is maintained by volunteers is
true:

An advantage is that the user has full access to the source code and is free to fix
problems if the official releases have unpatched bugs but this of course costs time
and resources devoted to solving problems that are not fixed promptly in the official
release. A disadvantage is that often the priorities of the developers who release
free, open source software are not always the same as the priorities of any particular
user, so there is no guarantee that the developers of free, open source software will
ever get around to fixing a problem that might be causing trouble for some subset of
users of the software who very often just stop using the free, open source software
and return to proprietary software that just works for them without a big hassle or
effort to keep it working well and securely.

Megha Verma of medium.com goes so far as to say a disadvantage of OSS is that free
open source software can be misused for malicious purposes, but it would be hard
to prove what she says is true, but her point is that the way open source projects
are governed lends itself to possible abuse. This is how she explains it:

"Open Source Software is accessible to all means it can be used and misused.
And, that’s where it turns unconstructive for us. With OSS, we can expect harm,
virus transfer, identity burglary, and many other malicious practices to hurt the
process." [1]

I would not go so far as to say that is happening in Debian, but I have experienced
the fact that not every bug that is important to my use case will be fixed quickly
in Debian, even if I or other users take the time to find the fix and share it
with the Debian developers. This experience of mine with Debian as a long-time
user of Debian *does* raise suspicion in my mind, and I would not be suspicious
of malicious intent by Debian developers and maintainers if they were more
responsive to some bugs they just ignore for months and even years. I agree
my suspicion does not prove malice, but my suspicion is reasonable when there
are Debian "volunteers" who do work in corporate environments where the
interests of their employer might conflict with the interests of the open source
software projects such as Debian that they contribute to. This is simply a risk that
users of Debian software, or of any open source software, should be aware of,
and users should know how to mitigate this risk of malicious activity within
open source software projects like Debian.

So it is a fact that if a person is just a user of Debian and not an official
developer of Debian, there is no guarantee that the use case of that particular
user will receive prompt attention from the official Debian developers. That
is true because Debian developers are just volunteers and not liable for any
problems the software they release might cause to those who use Debian
software. That is a *big disadvantage* of open source software.

Best regards,

Chuck

[1] https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413

