Whining... (Was Bad Quali....)
The thing I don't get. The majority of people on this list have installed free software (I would love to see the amount of SuSE systems out there as a percentage of the amount SOLD by SuSE). While this is in the Open Source community no excuse for bad quality control, the overall service received from SuSE in unofficial support over the past 5 years has been nothing short of brilliant. A mistake has happened, been recognised, and guaranteed will be analysed to try and prevent the same mistake from happening again. Most kids fall off their bucycle at some point. They learn at that point that turning in the sand at high speed is a bad idea and don't do it again (unless the truck they are trying to avoid takes their eyes off the road for a moment). So all in all, SuSE keep it up, everyone else, shut up, I am getting to see this thread as SPAM in my security mailbox and am sure that while I am only adding to the problem now, hopefully you will all grow up and spend more time fixing your problems than whining because someone else isn't. -- Q: How many lawyers does it take to change a light bulb? A: You won't find a lawyer who can change a light bulb. Now, if you're looking for a lawyer to screw a light bulb...
Quoting "b@rry.co.za" <b@rry.co.za>:
A mistake has happened, been recognised, and guaranteed will be analysed to try and prevent the same mistake from happening again.
Most kids fall off their bucycle at some point. They learn at that point that turning in the sand at high speed is a bad idea and don't do it again (unless the truck they are trying to avoid takes their eyes off the road for a moment).
So all in all, SuSE keep it up, everyone else, shut up, I am getting to see this thread as SPAM in my security mailbox and am sure that while I am only adding to the problem now, hopefully you will all grow up and spend more time fixing your problems than whining because someone else isn't.
Perhaps you haven't had any problems at all, I don't know. But let's take an example that's been biting me: tripwire. When SuSE 9.0 came out, the version of tripwire that came with it didn't work, period. There was more than one discussion on this list and bug reports filed, but nothing happened for months and months. I eventually even had to personally tell the SuSE people at LinuxWorld. A week later it was fixed. OK, that's just one program, but fast forward a few more months: A security problem is found with tripwire. SuSE releases a fix with, you guessed it, the same problem as the original release of tripwire: It will not run. This wasn't a "doesn't work with a particular hardware", it's a "segfaults on every system, every time". I would imagine that the most basic QA is "run the program". Add to this the number of kernel problems people have been having, where a machine simply won't boot, and people have to wonder: Has Novell decided QA isn't worth it? When the response to our query is market-speak drivel, we are only left to assume that the security people have been fired and replaced with PR lackeys. I don't need them to curse, just communicate with us as human beings. Using market-speak on a security forum is just insulting. As I said in my previous post: If SuSE communicates with us, we'll give them every chance. When there's a problem with a patch and it's taking longer than normal, drop a note on the list and let us know what's going on. We'll understand, and heck one of us might just be able to help. We don't like faceless corporations shoveling drivel. We get far too much of that every day here in the USA. Linux's strength is community. The more SuSE acts like part of that community, the more loyal and willing to help all of us will be. This isn't whining, this is telling SuSE how it can be better. Because, you know what, most of us here want SuSE to be better. Lastly, I don't think your suggestion that we're all freeloaders on this list is true. On SuSE-security, you're far more likely to find sysadmins than end users. Sysadmins work for businesses that are willing to spend money. I'm one of them.
Torsdag den 26. august 2004 15:34 skrev suse@rio.vg:
Quoting "b@rry.co.za" <b@rry.co.za>:
A mistake has happened, been recognised, and guaranteed will be analysed to try and prevent the same mistake from happening again.
Most kids fall off their bucycle at some point. They learn at that point that turning in the sand at high speed is a bad idea and don't do it again (unless the truck they are trying to avoid takes their eyes off the road for a moment).
So all in all, SuSE keep it up, everyone else, shut up, I am getting to see this thread as SPAM in my security mailbox and am sure that while I am only adding to the problem now, hopefully you will all grow up and spend more time fixing your problems than whining because someone else isn't.
Perhaps you haven't had any problems at all, I don't know. But let's take an example that's been biting me: tripwire.
When SuSE 9.0 came out, the version of tripwire that came with it didn't work, period. There was more than one discussion on this list and bug reports filed, but nothing happened for months and months. I eventually even had to personally tell the SuSE people at LinuxWorld. A week later it was fixed.
OK, that's just one program, but fast forward a few more months:
A security problem is found with tripwire. SuSE releases a fix with, you guessed it, the same problem as the original release of tripwire: It will not run.
This wasn't a "doesn't work with a particular hardware", it's a "segfaults on every system, every time". I would imagine that the most basic QA is "run the program".
:D
Add to this the number of kernel problems people have been having, where a machine simply won't boot, and people have to wonder: Has Novell decided QA isn't worth it?
Hopefully not - Never let the PR guys run the show without being on a short rope.
When the response to our query is market-speak drivel, we are only left to assume that the security people have been fired and replaced with PR lackeys.
One suspects that people were "relocated" to work mainly on SLES. But shouldn't that benefit the Pro version too - just wondering
I don't need them to curse, just communicate with us as human beings. Using market-speak on a security forum is just insulting.
As I said in my previous post: If SuSE communicates with us, we'll give them every chance. When there's a problem with a patch and it's taking longer than normal, drop a note on the list and let us know what's going on. We'll understand, and heck one of us might just be able to help.
That would be nice
We don't like faceless corporations shoveling drivel. We get far too much of that every day here in the USA.
Agree and that trend is spredding fast - better keep the door shot :-)
Linux's strength is community. The more SuSE acts like part of that community, the more loyal and willing to help all of us will be. This isn't whining, this is telling SuSE how it can be better. Because, you know what, most of us here want SuSE to be better.
Here's a hammer for that nail.
Lastly, I don't think your suggestion that we're all freeloaders on this list is true. On SuSE-security, you're far more likely to find sysadmins than end users. Sysadmins work for businesses that are willing to spend money. I'm one of them.
Pay with a smile for every new release too (but sometimes regret sneak in on me when SuSE misbehaves). Johan
On Thu, 26 Aug 2004 suse@rio.vg wrote:
Quoting "b@rry.co.za" <b@rry.co.za>:
A mistake has happened, been recognised, and guaranteed will be analysed to try and prevent the same mistake from happening again.
Most kids fall off their bucycle at some point. They learn at that point that turning in the sand at high speed is a bad idea and don't do it again (unless the truck they are trying to avoid takes their eyes off the road for a moment).
So all in all, SuSE keep it up, everyone else, shut up, I am getting to see this thread as SPAM in my security mailbox and am sure that while I am only adding to the problem now, hopefully you will all grow up and spend more time fixing your problems than whining because someone else isn't.
Here here!
Perhaps you haven't had any problems at all, I don't know. But let's take an example that's been biting me: tripwire.
I almost made a comment, like the one i'm about to make, months ago but I decided to drop it and not create flames. But here's my opinion. Suse doesn't make tripwire, they don't maintain tripwire, they don't do anything except add tripwire to their distro. They add, best guess, over 3000 different rpm packages to their distro. I don't find it terrible that each and every one of those aren't fully quality tested and that they don't work the first time. Sure, they shouldn't include it if they didn't test it, but really who is going to sit there and test each and every package. Is there anyone here who test each and every package distributed with Suse? I think not. So what, a package doesn't work, go get the source and compile/install it yourself. That's what Linux is all about, you don't have to use the proprietary vendors stuff ALL the time. It doesn't really bother me that a package doesn't work, if I really want that package then I'll find other means to obtain it. BB
On Thursday 26 August 2004 16:17, Brad Bendily wrote:
So what, a package doesn't work, go get the source and compile/install it yourself. That's what Linux is all about, you don't have to use the proprietary vendors stuff ALL the time.
exactly. now, on to more important things... -- Tomorrow will be cancelled due to lack of interest.
Quoting Brad Bendily <brad@selu.edu>:
Suse doesn't make tripwire, they don't maintain tripwire, they don't do anything except add tripwire to their distro. They add, best guess, over 3000 different rpm packages to their distro. I don't find it terrible that each and every one of those aren't fully quality tested and that they don't work the first time. Sure, they shouldn't include it if they didn't test it, but really who is going to sit there and test each and every package. Is there anyone here who test each and every package distributed with Suse? I think not.
So what, a package doesn't work, go get the source and compile/install it yourself. That's what Linux is all about, you don't have to use the proprietary vendors stuff ALL the time.
It doesn't really bother me that a package doesn't work, if I really want that package then I'll find other means to obtain it.
And if I only maintained one system, I'd agree. When you have two dozen and more, with different architectures involved, the "compile it yourself" starts to become less and less feasible. That said, I wasn't too upset when the first version in the distro didn't work. As you say, there are thousands of programs, and things will slip through the cracks. The months it took to get SuSE to notice was annoying, but in the end OK. The thing that took the tripwire issue over the line was the security update that broke it *AGAIN*. They weren't doing a security update on 3000 programs. Just one at a time. That said, I paid for SuSE Professional more than once. I was told they maintain security updates for two years. I consider that part of the warranty. If I wanted a distro where they did updates out of the goodness of their hearts, I'd use Debian (or if I wanted a distro where they didn't do security updates at all, I'd use Fedora :-P ). I'd rather use SuSE. But if these security updates continue to be done in such a slipshod manner, with only market-speak excuses given, I won't be able to justify it to the CEO. I'm not demanding perfection. I'm demanding communication. Linux's power is community. The more SuSE is part of that community, the stronger SuSE will be.
I almost made a comment, like the one i'm about to make, months ago but I decided to drop it and not create flames. But here's my opinion.
Suse doesn't make tripwire, they don't maintain tripwire, they don't do anything except add tripwire to their distro. They add, best guess, over 3000 different rpm packages to their distro. I don't find it terrible that each and every one of those aren't fully quality tested and that they don't work the first time. Sure, they shouldn't include it if they didn't test it, but really who is going to sit there and test each and every package. Is there anyone here who test each and every package distributed with Suse? I think not.
No, but our users certainly have a good go at it. Scripted regression tests to make sure that at least every executable at least executes are not difficult, and I expect it is what Suse currently do + more, except things sometimes slip through the net. I know make mistakes and so does everyone else. I certainly do not expect manual testing of every package - yuk.
So what, a package doesn't work, go get the source and compile/install it yourself. That's what Linux is all about, you don't have to use the proprietary vendors stuff ALL the time.
True. IMHO if the software you want to use is critical then you should compile it yourself.
It doesn't really bother me that a package doesn't work, if I really want that package then I'll find other means to obtain it.
yup, but there are a lot of users who will want convenience (home users, for example, who do not want to spend lots of time delving into documentation, etc.)
--- Brad Bendily <__> wrote:
On Thu, 26 Aug 2004 suse@rio.vg wrote:
Quoting "b@rry.co.za" <b@rry.co.za>:
A mistake has happened, been recognised, and guaranteed will be
analysed to
try and prevent the same mistake from happening again.
Most kids fall off their bucycle at some point. They learn at that point that turning in the sand at high speed is a bad idea and don't do it again (unless the truck they are trying to avoid takes their eyes off the road for a moment).
So all in all, SuSE keep it up, everyone else, shut up, I am getting to see this thread as SPAM in my security mailbox and am sure that while I am only adding to the problem now, hopefully you will all grow up and spend more time fixing your problems than whining because someone else isn't.
Here here!
Perhaps you haven't had any problems at all, I don't know. But let's take an example that's been biting me: tripwire.
I almost made a comment, like the one i'm about to make, months ago but I decided to drop it and not create flames. But here's my opinion.
Suse doesn't make tripwire, they don't maintain tripwire, they don't do anything except add tripwire to their distro. They add, best guess, over 3000 different rpm packages to their distro. I don't find it terrible that each and every one of those aren't fully quality tested and that they don't work the first time. Sure, they shouldn't include it if they didn't test it, but really who is going to sit there and test each and every package. Is there anyone here who test each and every package distributed with Suse? I think not.
Well, it should be. Adding a particular package to a distribution is a lengthy process: First, somebody (call him/her some Guru at SuSE: "GURU") decides that package "A" is of interest, for whatever reason. Then somebody else (call this guy/gal the Cost Manager at SuSE: "CM") authorizes the inclusion of package "A" in the distribution, in order to enhance the commercial value of that particular distribution. Don't forget that the GOAL of SuSE, Novell, or whoever is there is to make money. No product manager ("PM") will EVER authorize the inclusion of a particular package "A" that REDUCES the commercial value of the distribution, because it will REDUCE his/her efficiency selling the product. Then a third person (let's say, "pC"), grabs the source, compiles it, packages it, and includes the package into the distribution tree. Now, at last, QA kicks in and should check that "pC" has done the job right, so "PM" will get good selling figures, so "CM" will be happy because the margins are high, so the "GURU" will open the Bonus Bag to "pC", "PM", "CM", "QA" and, most important, him/herself. So, for a company that wants to sell their distribution, is CAPITAL that QA, CM, PM and pC do their job well. So, If a package doesn't work in a COMMERCIAL distribution, is either fixed or replaced. If this means to talk with "A"'s mantainer, or to debug and fix the code and make sure the patches are added to the source, or to choose another package, or to choose not no include the functionality altoghether, that's not important. The important thing is that the Distribution AS A WHOLE provides enough confidence in the market to sell well, and the only thing that will provide that confidence is to know that the company behind the distribution does their homework.
So what, a package doesn't work, go get the source and compile/install it yourself. That's what Linux is all about, you don't have to use the proprietary vendors stuff ALL the time.
If the package doesn't work, compiling it yourself doesn't guarantee that it will work.
It doesn't really bother me that a package doesn't work, if I really want that package then I'll find other means to obtain it.
BB
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
regards, Riccardo
So, If a package doesn't work in a COMMERCIAL distribution, is either fixed or replaced. If this means to talk with "A"'s mantainer, or to
I agree, the packages they distribute SHOULD work, but I'm not upset or shocked that some don't work. The other side of the problem is maybe QA guy did test the package and when he "installs" Suse it works for him(in his configuration), but when you the user installs Suse in your "configuration" it doesn't work. So some package B causes a problem with package A when the two are installed along with package D, E, F, G, H, and Z. SO if you don't installed F then everything works. The point is, there are too many variables, to check that the package works with every other package in the distro. I really don't think they put that much effort as you say into deciding packages for their distro. Perhaps someone from Suse can enlighten us on this? Brad
Am Donnerstag, 26. August 2004 16:17 schrieb Brad Bendily:
Suse doesn't make tripwire, they don't maintain tripwire, they don't do anything except add tripwire to their distro. They add, best guess, over 3000 different rpm packages to their distro. I don't find it terrible that each and every one of those aren't fully quality tested and that they don't work the first time. Sure, they shouldn't include it if they didn't test it, but really who is going to sit there and test each and every package. Is there anyone here who test each and every package distributed with Suse? I think not.
So if they do not test such an important thing like tripwire, they should either get more people for QA, or cut down on adding stuff. Especially "important" stuff like yet another tetris clone and such.
So what, a package doesn't work, go get the source and compile/install it yourself. That's what Linux is all about, you don't have to use the proprietary vendors stuff ALL the time.
no problem with that, but IF a package is on the CD, i wanna be sure that someone at the distributors offices has at least made sure that it WORKS. bye, MH -- Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
On Thursday 26 August 2004 05:34 am, suse@rio.vg wrote:
Perhaps you haven't had any problems at all, I don't know. But let's take an example that's been biting me: tripwire.
I have never EVER had a linux distro that did not have SOME problems. Never. And I installed several releases of all the well known ones before settling in SuSE. Come to think of it, I can't recall any OS that did not have SOME PROBLEMS and that includes several generations of Mainframe big iron, PCs, Mini Computers and even HP Pocket Claculators Should Tripwire Fail? - No. What can you do about it? - Well it IS Open source... Is NOVELL to blame as you imply? - Probably not, 9.0 was in the box well before that deal went down. Can SuSE afford to exhaustivly test every application? - Get real. Is Tripwire mainstream that they should have tested it? - Probably. -- _____________________________________ John Andersen
Quoting John Andersen <jsa@pen.homeip.net>:
I have never EVER had a linux distro that did not have SOME problems. Never. And I installed several releases of all the well known ones before settling in SuSE.
Come to think of it, I can't recall any OS that did not have SOME PROBLEMS and that includes several generations of Mainframe big iron, PCs, Mini Computers and even HP Pocket Claculators
Should Tripwire Fail? - No. What can you do about it? - Well it IS Open source... Is NOVELL to blame as you imply? - Probably not, 9.0 was in the box well before that deal went down. Can SuSE afford to exhaustivly test every application? - Get real. Is Tripwire mainstream that they should have tested it? - Probably.
OK, I was going to let this drop, but it seems too many people are incapable of reading and/or comprehension. The initial problem of Tripwire working in 9.0 was annoying, but not the real issue. The QA problem came later when they issued a security update to tripwire that broke tripwire AGAIN! In fact, it was broken in precisely the same manner as the initial release. Here's the sequence of events: 1) SuSE 9.0 is released with broken tripwire. 2) Months later, fixed tripwire is released. 3) Security problem is found in tripwire. 4) SuSE releases security patch that segfaults tripwire on all platforms. It's #4 that's the real shoddy part. It happened after the Novell acquisition of SuSE. And this is just one problem amongst many with the security updates coming from SuSE in recent months. That is the cause of the initial complaint. Once again, for those incapable of counting past two, the issue wasn't the initial borked tripwire, but the security update that RE-BORKED tripwire! Is that clear enough? Now, before the fanboys declare me anti-suse, I'm not asking for perfection. I'm just asking for communication. The SuSE people need to have better communication with us. When the response to these legitimate issues is a market-speak press release, there's something terribly wrong going on. Fortunately, SuSE seems to at least initially be listening, judging by the response which, while a bit vulgar, was human. Hopefully, such communication will continue. Community thrives on communication. If SuSE treats us like a community, I for one will do everything I can to pitch in. Let's see if SuSE is willing to step up to the plate.
Should Tripwire Fail? - No. What can you do about it? - Well it IS Open source... Is NOVELL to blame as you imply? - Probably not, 9.0 was in the box well before that deal went down. Can SuSE afford to exhaustivly test every application? - Get real. Is Tripwire mainstream that they should have tested it? - Probably.
OK, I was going to let this drop, but it seems too many people are incapable of reading and/or comprehension.
Now, before the fanboys declare me anti-suse, I'm not asking for perfection. I'm just asking for communication. The SuSE people need to have better communication with us. When the response to these legitimate issues is a market-speak press release, there's something terribly wrong going on.
I agree. I surely hope suse QA and developers read through this list. Or at least someone who can relay the messages back to them. I think communication with the community is great. My original post was using your tripwire problem as an example. Tripwire is not the first package i've heard people complain about that doesn't work the first time out the box. You did complain that tripwire didn't work the first time. bb
participants (8)
-
b@rry.co.za -
Brad Bendily -
Johan Nielsen -
John Andersen -
Mathias Homann -
Mike Rose -
Riccardo Facchini -
suse@rio.vg