> -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] Behalf Of Duncan > Sent: Wednesday, January 17, 2007 8:51 PM > To: gentoo-amd64@lists.gentoo.org > Subject: [gentoo-amd64] Re: MAKEOPTS values for Athlon 64 X2 > > > "Hemmann, Volker Armin" <[EMAIL PROTECTED]> posted > [EMAIL PROTECTED], excerpted below, > on Wed, 17 Jan 2007 22:22:16 +0100: > > > NVIDIA was made aware of a problem with our 1.0-8774 driver > that caused an X > > Server crash on July 2006 through a posting on nvnews.net. The > problem was > > not identified as a security risk. > > This is the core of the problem, right here. > > As it happens, I don't personally have the skills to verify the > quality and security of the code.
And neither do 99.999% of all computer users, whether they be MAC, Linux, or Windows users. That's what's at the core of the issue, and it's never goinig to change. In addition, the number of people who even *could* examine a given type of code (a video driver for example) and render a valid opinion as to it's quality is *extremely* small. Somone who writes database code for a living isn't going to have a clue about the details and intricacies of a video driver module. In fact even somone who writes drivers for another kernel sub-system (SCSI disk drivers for example) will probably quickly find themselves beyond their depth of understanding when examining 2D/3D/OpenGL video driver code. > However, that "someone I trust" is the FLOSS > community, including the authors willing to put their source code out > there for examination in the first place. Code from the OSS comunity has bugs and flaws just like code from the CSS comunity does, in fact they are often writen by the same people. If anything, it's likely that the CSS code is a bit more robust and better tested. CSS code in general (assuming the typical case of it being produced by a "company"), usually goes through more testing and a more formal Quality Assurance procedure than OSS. The quality, or lack there of for CSS, often has a direct effect on the finances of the vendor. That being the case, CSS vendors are inclined to go to a little extra trouble to keep obvious flaws out of their releases. On the OSS side of the equation there isn't any hard financial incentive to rigoriously regression test before posting a new release, because of the this and the real limitations described above, the mythical "many eyes" examining OSS code don't actually exist in any realistic sense. > By contrast, I do NOT trust > authors not willing to take that step, In the case we're talking about it's not actually the authors that aren't willing to publish their code, I'm sure that the authors are just as proud of their work as any OSS author is and would be perfectly willing to have it seen by anyone. It's the Company that feels the need to protect their intelectual property, and whether you, or RS, or anyone else, does or does not like it, they in fact have the right to do so. Also, IMO they also have a valid argument for doing so. > yet still require me to agree they > have no responsibility if the code doesn't work as intended if I choose to > use their programs, so I just choose not to make those agreements, and > consequently can't use their programs. You're certaintly free to make choices based on whatever criteria you feel like using, I just think that in the grand scheme of things the difference between using OSS and CSS is prety insignifiant. In the long run good apps, utilities, and hardware/drivers (whether OSS or CSS) will be successful, and the bad ones, (whether OSS or CSS), will fade away. The vast majority of users don't care whether what they are using is OSS or CSS, what they do, and should, care about is whether or not it works and does what they want. So while you're choice to use only OSS may give you personal satisfaction, in the long run it's not a choice that the vast majority of users are ever going to, or actually have any real need to consider. -- Regards, Bob -- gentoo-amd64@gentoo.org mailing list
