this post was submitted on 30 Mar 2024
334 points (98.5% liked)

Linux

48463 readers
998 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

They haven't particularly made a comment on the situation so much as acknowledged it's happening. They seem to be going with the story that they had nothing to do with it and this is news to them. Hope to hear more from them soon so we can find out more about the situation, how and why this happened, etc.

(The sceptical tone isn't because of disbelief of Collin, it's because we don't know enough about the situation to be able to say Collin is or isn't telling the truth here.)

you are viewing a single comment's thread
view the rest of the comments
[–] ReversalHatchery@beehaw.org 1 points 8 months ago (1 children)

I took them to mean we should do what we can to ensure these projects have financial resources to continue, not that we should "say goodbye" to them.

They have said this:

Something as critical as OpenSSH should be (and possibly is) funded by the users and also NOT use third party libs because it's dangerous, as this incidence showed.

Emphasis mine.

[–] abbenm@lemmy.ml 1 points 8 months ago* (last edited 8 months ago)

And again, that's not even within an country mile of being a good faith attempt at charitable interpretation, for several reasons.

You're twisting their words into some sort seemingly overnight goodbye to all software relying on third party libs. A more normal way of taking that is envisioning a more gradual progression to some future state of affairs, where to the greatest extent possible we've worked to create an ecosystem that meets our needs. An ecosystem that's build on a secure foundation of known and overseen libraries that conform to the greatest extent possible to the FOSS vision. Ideally you don't just say goodbye, you work to create ersatz replacements, which there's a rich tradition of in the FOSS world.

Your other point was even worse:

important software shouldn’t reuse code already made, they should reinvent the wheel and in the process introduce unique vulnerabilities

Somehow, you decided that putting words in their mouth about going out of their way to solve the problem only with worst-case-scenario bad software development practices (e.g. lets go ahead and create unique vulnerabilities and never re-use code) is a reasonable way of reading them, which is completely nuts. FOSS can and does re-use code, and should continue to do so to the extent possible. And like all other software, strive to avoid vulnerabilities with their usual procedures. That's not really an argument against anything specific to their suggestion so much as its an argument against developing any kind of software at any point in time - new games, new operating systems, re-implementations seeking efficiency and security, etc. These all face the same tradeoffs with efficient code usage and security. Nothing more or less than that is being talked about here.