Dear Peter,

> http://en.wikipedia.org/wiki/Peer_review which I guess you may
> already be familiar with.

Yes, I have heard about peer review.

Just remember there was a peer discussion about a 60-second timeout bug
in libusb/pcscd. The first peer says "the bug is in libusb". The second
peer says "the bug is in libccid". And the bug never gets fixed. And ALL
tokens may suffer from this 60-second timeout.

Peter, as you are a peer of libusb, maybe you could comment on the 60
seconds bug and explain why it was known and unfixed for more than a
year. Really this would help understanding the concept of peer review. I
am not against the concept itself, just I don't know how to arbitrate
between 2 peers and handle a project of 100.000 users with only 2 peers.

This is mostly what happened to OpenSC lately: bugs and fixes were known
BUT 1) not applied 2) not tested in beta by a large number of users.

> This goes diametrically against the goal of software quality.

If you look at the number of Git forks on GitHub, there is only a
limited number of peers with limited time. I would say around 10
developers. Clearly a lack of workforce, so we need the help of a
broader community.

In a large community of users (>10.000), leveraging the Internet, you can
find and chase a lot more bugs. So to me the "bazaar" model
will always be superior to the "cathedral" model. Read Raymond's essay,
this is clearly the model here.

Let us give time to see how the new architecture based on Gerrit and a
packaging farm works. Time will tell if this is efficient. We'll see how
fast OpenSC could go forward. IMHO, it could go very fast.

Here what we are talking about is efficiency, not concepts.

Kind regards, 
-- 
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
