"Hemmann, Volker Armin" <[EMAIL PROTECTED]> posted [EMAIL PROTECTED], excerpted below, on Thu, 18 Jan 2007 17:12:53 +0100:
> So much text from you, but where is the 'I was wrong, sorry'? > > Even if nvidia should have recognized the bug as a serious problem the > moment it was reported, they delivered the bugfix in 3 month, 3 days > after they got informed that it was security problem. And they did not > 'cover it up'. If I am demonstrated to be wrong, I say it, but it hasn't happened here. It WAS a security vuln, and as any such unhandled crash from native code, they should have treated it as a potential security vuln from the moment the found it until it was fixed or proven otherwise. As for time to a fix, the point is, regardless of how long it actually took, if the software master (see the sig) has respect for his users and makes source available, any user can either create a fix or arrange for it to be created. As it happens, in something that widely used, precisely /because/ the source is available, a decent share of such bugs (which we both agree happen in all non-trivial software) in the FLOSS community are fixed in rather LESS than "three months, three days". However, that's beside the point, since any user of such software who thinks such bugs aren't being turned around in a timely enough manner can arrange for a fix themselves, or simply apply a patch if someone else has already done so. Since it was slaveryware, that option wasn't available and a slave subject to master NVidia's whims and decisions on timing, unable to take their own needs and priorities into consideration and arrange for a fix sooner if they thought necessary, is /exactly/ what the users were. What if NVidia had taken a year to come out with a fix? What if they decided it wasn't worth their trouble and never came out with a fix? If it's Free software, there's an alternative, should the user wish to avail themselves if it. With slaveryware, that's exactly what the user is, a slave to the whims of the software's master. I make it a point to no longer be a slave to the whims of the masters of the code I run. That doesn't mean you have to, it just means I do. As for using the term slaveryware in my posts... You don't tell me how I feel about the software I believe is slaveryware and label it so in my posts, and I'll not insist you call it slaveryware in yours. After all, if you find my choice of terms offensive, you don't /have/ to read them. There /is/ this thing called a killfile, should you find it necessary to use. Call it heavenlyware in yours if you wish. Deal? =8^) (Oh, and backing someone into a corner by demanding an apology doesn't tend to be a very effective way of actually getting one. Let's not make this too personal, and agree that we /can/ disagree. It's not as if the world comes to an end because of it, after all. =8^) -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman -- [email protected] mailing list
