Fifteen years ago we were trying to convince our boss to take a chance on replacing that sparc 20 with a linux machine.  If back then these vulnerabilities had come to light it would have made our jobs really hard.  Thankfully linux has had a decade to prove itself in the server room.  At this point the pendulum as swung the other direction.  When we have to deploy a windows box we need to think about how it's going to fit into our nice cohesive unix environment.

I'd argue that these revelations and the many more to come can be demonstrated that the FOSS community cares about the quality of the software out there and is continuing to improve it.  Yeah, this stuff is public, but the openness of our community almost invariably means that lots of dirty laundry ends up on the line for everybody to see.

Microsoft has managed to shit show their patching operation so many times it's an easy target to FUD in the other direction.

 

On Thu, Oct 16, 2014 at 1:59 PM, Michael C Voorhis <mvoorhis@cs.wpi.edu> wrote:
John Stoffel writes:
> What makes anyone think that closed source model is any better?  Just
> look at the number of patches Microsoft, Oracle (Java) and Adobe have
> to release for their products all the time.  If they were so much
> better, why do they supply so many patches?

I certainly do NOT think the closed source model is better.  Anyone
who knows how I work will know the extent to which I believe this.
But it is also truthful that all these "events" --heartbleed, the bash
problem, and now TLSv3 (oh yeah, it's called "POODLE") is adding to
the FUD.

The fact that I can look at sourcecode tips the balance in favor of
FOSS for me certainly, and I assume for most people on this list.  But
that doesn't change the fact that the questions are out there.

So people using/running FOSS in a non-hobby environment should be
prepared to answer questions about it if we consider ourselves to be
advocates.  I don't think FOSS confidence is a silly discussion item
for this group.

--MCV.
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug



--
I am leery of the allegiances of any politician who refers to their constituents as "consumers".