Linked by Thom Holwerda on Wed 15th Apr 2009 09:54 UTC
Bugs & Viruses
Whenever the Conficker worm comes up here on OSNews (or any other site for that matter) there are always a number of people who point their fingers towards Redmond, stating that it's their fault Conficker got out. While Microsoft has had some pretty lax responses to security threats in the past, it handled the whole Conficker thing perfectly, releasing a patch even before Conficker existed, and pushing it through Windows Update. In any case, this made me wonder about Linux distributions and security. What if a big security hole pops up in a Linux distribution - who will the Redmond-finger-pointing people hold responsible?
Thread beginning with comment 358692
Clearly the Distro's fault
by Yamin on Wed 15th Apr 2009 16:50 UTC

I know we love car analogies ;)

If some car part manufacturer creates a defective part that eventually ends up in your brand new Honda Civic, who do you blame? You blame Honda... period... full stop.

Whatever the distribution packages is fair game to blame on them. That said, there is a small caveat. Distros also come with package management that allows you to install applications. This becomes a grey area. Then it largely becomes a matter of perception.

Does the user think package X is part of the 'OS', or do they think of it as a separate program that is merely allowed to be installed easily by the package management software? As I said, this is perception. Something like X.ORG is definitely an OS-like component and you would definitely hold the distro responsible. Something like OpenOffice is a bit different.

One of the things distros should do to clear up this liability is to clearly mark packages they 'support'. Then again this goes back to one of my main complaints of distros. None of them want to take the bold leap and actually make choices. They all want to give you full flexibility, which means most distros end up being the same with all the same packages available. I'd like to see Distro X completely throw out support for Gnome or KDE. Pick one or the other. This reduces your testing and support time. They should make other choices on what they will support. They can provide unsupported links in their repo (clearly marked of course).

I'll liken this to my experience with PulseAudio on Ubuntu Hardy (since it's on there now). It wasn't exactly well supported, but it was there. For such a basic component, I had no idea if I should keep it on, remove it, install this or that... everyone was saying something different. If you're going to package something as core as the sound system, you better fully support it and stand by it.

Just my two cents.

Score: 4