Hello fsfe list,
On Monday, 8 December 2014, Martin Gollowitzer wrote:
Markus Raab fsfe@markus-raab.org [141121 10:53,
Hello,
I am considering writing the following mail to alb@drdobbs.com. What do you think?
Sorry that I am only replying now. I think it is a good idea.
The reply was (excerpt):
------------
Thanks for your note.

I have been writing open source software since the late 1980s with well over 100K lines of code contributed. I founded an open-source company (iText), which today employs 15 people full time. And I routinely speak with leaders in the open source movement. I really understand this market from both the contributor and the commercial aspects. And I have the perspective of OSS leaders.

It's very hard to tell what you're objecting to. I expect you did not understand my editorial. I never, ever attacked open source software. The subhead of the article says in clear bold print: "Recent high-profile defects do not support the view that open source is less secure than closed source." Not a single person who wrote to me or commented on the article came to the conclusion you did about what I said. You have misread the article in a way that nobody else did.
------------
Are OSS and free software really that far apart, or is it just down to the person? He certainly does not seem to lack self-confidence.
Unfortunately, he did not address any of the substance. That is why I intend to write:
-------
Thank you for your insightful response.

So e.g. your statement that open source "would reasonably deliver" .. "the eyes of a few core developers" can by no way misread that:
- maintainers of all free-software distributions don't look at the code
- scientists and security experts prefer to work with closed source
- students don't work with it
- developers that found a bug won't take a deeper look
- the 388 developers that contributed code in Apache [0] wrote their code without looking at other lines

P.S. Not that it matters, but two others I asked came to the same conclusion and attacked many other points of your article I did not even mention.
-------
For a great many free software projects the statement (that only a few people look at the code) is indeed true, and all the more so for that kind of half-open software where you have to sign something if you want to contribute. It is just that his experience from his iText cannot be generalized and should also be clearly marked as such. What do you think?
Best regards, Markus