Username or EmailPassword
I think this illustrates the fallacy of the "many eyeballs" meme that is taken as the gospel truth in open source circles.
Here, we have a bunch of open source developers (samba) who find a flaw in an open source product (BSD) and instead of stepping through the BSD source tree to find the problem, they code a samba hack that works around the problem on BSDs. In fact, it appears they didn't even submit a bug report.
Guess what? This happens all the time in the closed source world. If we come across a bug in someone else's code, we code a temporary hack around the problem and wait for the bug to be resolved. This article suggests that such development culture appears in open source projects too, which is understandable.
I hope that naive open source advocates who keep preaching the "many eyeballs" meme will stop doing so. The majority of developers do not have the desire or the inclination to fix other peoples bugs even if the source is available. Hell, it seems that some don't even file bug reports...
So you're taking one specific incident, and using it to back up generalized statements about the whole Open Source community?
One specific incident where developers of a popular open source project cba'ed to step through the source code of another popular open source project demonstrates the fallacy of the meme.
On the other hand, the reasoning that "many eyeballs" makes code more secure while intuitive, AFAIK is not substantiated. The reason for this is because application programmers rarely have the skill set necessary to muck about with kernel internals. And vice versa.
However, if this incident causes the meme to be updated to something along the lines of "many eyeballs makes secure code, but with notable exceptions" I'd call that a vast improvement.
> I hope that naive open source advocates who keep preaching the "many
> eyeballs" meme will stop doing so. The majority of developers do not
> have the desire or the inclination to fix other peoples bugs even if the
> source is available. Hell, it seems that some don't even file bug
Just to show you another point of view: I have had that situation just a few days ago, where I would rather code around a bug in Eclipse IDE than report details or even fix it. Guess why? The bug had been known for more than three years, and repeatedly been marked as "we won't fix this, and we won't accept fixes" (for backwards compatibility).
No, I do not have the desire nor the inclination to investigate any deeper when I know that the aim of the developers is NOT to fix those bugs.