Dear Peter,

> http://en.wikipedia.org/wiki/Peer_review which I guess you may
> already be familiar with.

Yes, I have heard about peer review. Just remember there was a peer discussing a 60 second timeout bug in libusb/pcscd. The first peer says "the bug is in libusb". The second peer says "the bug is in libccid". And the bug never gets fixed. And ALL tokens may suffer from this 60 seconds timeout.

Peter, as you are a peer of libusb, maybe you could comment on the 60 seconds bug and explain why it was known and unfixed for more than a year. Really, this would help in understanding the concept of peer review.

I am not against the concept itself, I just don't know how to arbitrate between 2 peers and handle a project of 100.000 users with only 2 peers. This is mostly what happened to OpenSC lately: bugs and fixes were known BUT 1) not applied 2) not tested in beta by a large number of users.

> This goes diametrically against the goal of software quality.

If you look at the number of Git forks on GitHub, there is only a limited number of peers with limited time. I would say around 10 developers. Clearly a lack of workforce, so we need the help of a broader community.

In a large community of users (>10.000), leveraging the Internet, it can help you find and chase a lot more bugs. So to me the "bazaar" model will always be superior to the "cathedral" model. Read Raymond's essay, this is clearly the model here.

Let us give time to see how the new architecture based on Gerrit and a packaging farm works. Time will tell if this is efficient. We'll see how fast OpenSC could go forward. IMHO, it could go very fast. Here what we are talking about is efficiency, not concepts.

Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu