Subject: Re: Issue 50 of the NetBSD CVS Digest is out.
To: David Maxwell , Rhialto <>
From: Rhialto <>
List: current-users
Date: 04/10/2006 22:49:56
On Mon 10 Apr 2006 at 16:34:32 -0400, David Maxwell wrote:
> I couldn't disagree more.
> Are you suggesting that companies shouldn't contribute to open source
> projects because they'll then come under fire for not "giving away"
> the way they make their business work?

It makes it more difficult to verify what is going on. Many security
analists argue that full disclosure of any security bugs in products is
the best overall strategy. Do we know now if all problems that are found
are being disclosed, or if perhaps some are witheld? I guess we can't
check. (Yes, I tend to be paranoid)

> NetBSD, and all its users are benefitting from the improvements to the code
> base that come as a result of this voluntary contribution on Coverity's part.
> NetBSD is the open source project, our code is open.

The code is, but you also want to know why changes are made. I
understand there are humans in the loop, acting on reports to see if
they are spurious or otherwise incorrect. That is very important.

> Coverity is a for-profit business. That they choose to give us _anything_,
> is charity on their part.

Apparently, the DHS is paying for it, at least that is how I interpret
what is written on the mentioned webpage.

> > Also, the apparent involvement of the
> > department for so-called "homeland security" [1] brings a certain taint
> > along.
> While some people may dislike some of what that (US) Government
> department does, would you claim that makes it impossible for them to
> fund any thing which is worthwhile and beneficial?

They might fund such things, but these people might question the motives
behind it. Again, I tend to be paranoid.

___ Olaf 'Rhialto' Seibert      -- You author it, and I'll reader it.
\X/ rhialto/at/        -- Cetero censeo "authored" delendum esse.