[plug] Linux Desktop Market
Leon Brooks
leon at cyberknights.com.au
Wed Oct 26 18:21:21 WST 2005
On Wednesday 26 October 2005 14:47, John Knight wrote:
> But as OSS, we have security through transparency, so we
> wouldn't have problems to the same extent.

Mister Anarchist, you just contradicted yourself. You say that security
through transparency works in the same post that you advocate
downloading and installing random (i.e. opaque) _binaries_.

Linux users in general (I'd even go so far as to claim "admins in
general") would no more scrutinise the source code than MS-Windows
users would, and if you download a binary you have no guarantee
whatsoever that it was built from the source in the next archive
across.

The people who build distributions, however, do read and check the
source, and are painfully aware of what patches are included and why.
That's why you should pay for a distro when you use it. I get my
customers to do that (a drop in the ocean compared with what they've
already saved), mainly because I don't want to be forced to do that job
myself.

That's why software branding is so highly regarded in the Windows world.
Everyone packages their own stuff, and there is no serious way of
verifying an .msi file or a random .exe; TuCows and its peers are a
kind of compensation for that; it only takes a few hundred people
getting burned, and TuCows will tear the download off its list.

Microsoft would do well to simply digitally sign packages, but as usual
Trey wants to over-reach, so if you get any kind of validation at all
it comes bundled with all-intrusive check-your-soul-in-at-the-door DRM.

What I would like to see is a common _source_ package agreed upon, that
RPMs, DEBs, Slack-TGZs etc. could be quickly and automatically built
from. Then you would get TuCows-like sites arising that build and offer
the packages that the distros themselves miss. That would mostly keep
both sides of this argument happy.

To do that, some standardisation of package naming conventions needs to
happen between distros, and they need to agree upon a common dependency
format and stick to the LSB (FHS, at least) somewhat better than they
typically do.

Cheers; Leon
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Member, Perth Linux User Group
http://slpwa.asn.au/ Member, Linux Professionals WA
http://osia.net.au/ Member, Open Source Industry Australia
http://linux.org.au/ Member, Linux Australia