[pp.int.general] Fwd: Re: Why Free Software misses the point
Ole Husgaard
pirat at sparre.dk
Fri May 14 00:19:47 CEST 2010
Andrew Norton skrev:
> TRust a community of people who MAY have checked each others work.
> UNLESS they, like everyone else, assumed someone else would do it. And
> those that have checked it, apparently don't look at the code, but
> instead use other pieces of code to check it.
I guess you are not a software developer. I am. I have worked with
proprietary software, free software and open source software most of my
life.
And I can tell you that the source code is read a lot. It is not unusual
for a developer to have to read thousands of lines of code just to
change a single line of code, to be sure it is done correctly. If there
is something bad in the source code, somebody will notice.
This is even more the case for free and open source software. Based on
the number of questions and comments I got when developing free and open
source software, I would guess that every commit I did in such projects
were checked by at least 2-3 people.
With proprietary closed source software only employees of the software
development company can read the code, so it is checked less. And a
developer in this environment cannot warn the users if he finds
something bad in the source code - if he did, he would quickly have to
look for a new job.
Take for example the database software Interbase, when Borland
open-sourced it. When many people could read the source code it turned
out that a special username and password was hardcoded to give full
access to the database, without the users knowing abut it, causing a
great risk for the user's data.
> If that community says it's safe, and it isn't, what recourse do I have
> for trusting them? None. The only hope is that *someone* spots the bad
> before it harms anything. If it has though, too bad.
>
> If people would actually start taking legal responsibility for checking
> and certifying free software, that would be a HUGE positive step
> forward. No-one will though, because no-one a) wants to check, and b) be
> put on the hook for other peoples actions.
>
> Thats the crux. No-one wants the responsibility.
It looks to me like you do not want to take the responsibility for the
software you want to use.
But if people develop the software and give it to you at no cost, it is
not fair if you try to make them liable for any problems you have with
the software. If you cannot live with that, you are free not to use the
software.
Best Regards,
Ole Husgaard.
More information about the pp.international.general
mailing list