l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
September 2: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2009 Jun 04 12:59

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Breakdown of Tux Paint downloads
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Breakdown of Tux Paint downloads



>>>>> On Mon, 1 Jun 2009 11:56:06 -0700, Bill Ward <bill@wards.net> said:

BW> Well, you could always launch frequent security updates and track those
BW> downloads I guess :)

No, because most people track them through the OS updates as well...
Many people just wait for the base OS to patch their system expecting
(hoping) that they're rapid in doing so.

Now, imagine if you will trying to coordinate with a bunch of vendors
that pull the package from you and from distributions and then
redistribute it themselves, but silently within their embedded products
(they may not want people to know they're using free (BSD) software).
Now imagine finding a security vulnerability and trying to coordinate
with all of them.  Now imagine going to CERT with such a problem and
having them contact a slew of people, some of whom were even direct
commercial competitors to your open source project.  Now imagine finding
out that the notification had been sent to so many people that it
actually found in perfect copy in the wild on nasty-people lists but
CERT still didn't want to publish publicly for another month so there
you sit for a month with the bad guys having the notice but all the good
guys don't.  This happened to me a little over a year ago and it wasn't
fun.  Fortunately, security vulnerabilities have been very rare for me.
But it just goes to show you how impossible it can be to track usage
through everyone that needs update, or worse needs to create updates for
*their* product or distribution.  It's a nightmare.  I'm certainly not
bitter about it, right?


-- 
\ Wes Hardaker                           http://pontifications.hardakers.net /
 \_____ "In the bathtub of history the truth is harder to hold than ________/
       \_______ the soap, and much more difficult to find." _______/
               \_________ -- Terry Pratchett ______________/
                         \__________________/
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.