On 09/22/2016 08:54 AM, Dave Howorth wrote:
> On 2016-09-22 13:26, Anton Aylward wrote:
>> One final question, Carlos. Presumably you have installed openSuse from the supplied binaries on the DVD or via the network, update binaries via the repository. Presumably you trust the people who contribute their time to build these. How do you differentiate these people from the ones that use the Build System and put the results in "home:" ?
>
> I don't know about Carlos, but in my case I place some trust in the 'many eyes' effect. Quite a few people use the builds in the main repository and quite a few people are involved in the builds, and some of those have been for years. So I feel there's a fair chance of problems being discovered. Far fewer eyes on code in home repositories.

Number vs quality? There are some, popular even, FOSS projects, in GitHub even, which, if you go back over postings, have had flaws that remain undiscovered for years.

There's a point/counterpoint about specialists. One of my interests, regular readers might recall, is photography, and I use Darktable. It's pretty complex and uses mathematical algorithms which, while I understand the mathematics of, I don't understand either the application to photography nor the coding of same. I'm lucky, I suppose, since there are many people using photographic software, FOSS & closed source, who are "just" in it for the art :-) Their eyes glaze over at the maths and the coding, but so what, they are probably better photographers than I am.

But not only are the developers of these tools specialists and enthusiasts, and a damn sight more helpful when you have a problem than any support I've had from the 'professional' vendors that I've paid money for, and who, probably because the corporate bean counters say it's cost-effective and affects the bottom line, outsource first and second level support to script-driven know-nothings in a distant country, but in their enthusiasm they are more proactive and better at determining problems, not only in the code but in the UI and ancillaries (such as lens databases) than many end users.

Yes, YMMV. My point is that you can't treat all the people who use the Build System and put stuff up in "home:" as being equivalent. That goes both ways.

http://www.pl-enthusiast.net/2014/07/01/how-did-heartbleed-remain-undiscover...

There's a point there about 'lots of pointers and indirection' which is an affliction of C and C++. Complex software, or rather voluminous application code, ends up being examined by automated tools. That gets back to trust. The tools may not have the algorithms and heuristics to detect everything; we can see examples of that in the AV scanning industry. Blind spots.

http://royal.pingdom.com/2009/03/19/10-historical-software-bugs-with-extreme...

The 'many eyes' principle for FOSS is 'in potentia' rather than 'in esse'.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?