On Thu, 2004-03-18 at 19:59, Swamper wrote: > I'd say he was helping out by bringing up such an important > issue. Are you speaking for the Fedora Project and Redhat with > your "no more free lunch" remark? I don't think so. Anyone who > installs Fedora is helping out, in my opinion, especially those > who are running the development core. I would disagree, commenting on not having a security update the day after the official vulnerability is announced isn't what I would call helping out. The project released the update for testing today, someone who wanted to help out would test the release. I'm still waiting for sunfreeware.com to put out an update for our Solaris 9 boxes. Should I go on their mailing list and give them hell. No that doesn't accomplish anything. I'm not paying for their service, therefore I don't have the right to bitch at them. Same goes for the Fedora Project. This is not a for-profit company. IMHO the OP came across as someone bitching because a FREE product that is not targeted at production systems was not putting out security updates as quickly as possible. There is a price to pay for everything in life, and the price we pay with FCx is that maybe we won't be getting updates as quickly as we did in the past. The no free lunch comment was about more than just Redhat and Fedora. It's really about the whole open source movement. Almost all of the big projects have now some form of commercial product, e.g. sendmail, MySQL, Postgresql, Redhat, Suse, and so on. They only way we will be able to continue enjoying these platforms is if commercial users paid some money to help support the products. All of our Redhat boxes at work are paid for, this lets me have a platform to play with at home. If no one paid for these things, how long do you think the products would last? <snip> > Since this was brought up in this forum, this would be > the appropriate place for that. A simple, "Hell no we wouldn't > do something like that" would do. Personally, I doubt that <snip> You are absolutely right, the Fedora project needs much better documentation and communication on their website. Someone does need to make a comment about when we should expect security updates. But I for one will not be raising the alarm if it takes a few days to get them out for this platform. Luc Bouchard
