Re: Will OpenSSL 1.1l be back ported to 2021Q2?

You are missing that people volunteer to do what they do.  Pretty much
everybody understands that.

In theory somebody might do the work to test a pullup.  Your message was
missing the link to where you staged an update for 2021Q2 in wip and
explained how you tested it on 12 platforms with 100 dependencies.
Really; this is why it's hard.

  This has nothing to do with NASA or any other organization that might be
  using pkgsrc; it's a responsibility of the pkgsrc project to communicate
  clearly about what it provides on the supported branches so that users,
  regardless of whether they're an individual or an organization, can make
  an informed decision about which branch to follow.  I think that's what
  has broken down in this case; it wasn't clear what the pkgsrc project
  provides on the stable branch.

I see it as when there is Free software at zero cost, anybody using it
in a professional context has a responsibility to pay attention and make
their own decisions about suitability.  And to contract with paid
support to bring the $0 product up to the level they need.  After all in
the present case the OP's (who asked and did not accuse) organization is
presumably paying Red Hat.

  It's very natural to me that an organization would be willing to pay for
  a license and at the same time not go out of its way to make a donation
  to an open-source project.  Who would organize the donation at the
  organization?  Who would decide which projects to donate to and which
  ones not to?  Who would decide how much to donate?  Who would justify
  this cash outflow to the board of directors?

It should be exactly the same justification as deciding to use
proprietary software and buying licenses.  But there is a culture that
it's ok to pay for proprietary software and not ok to make payments
to Free Software.  That's broken, and that was my point.

It's also ok to pay one's own staff to deal with Free Software bug
fixes, but not ok to pay far less for maintenance support for that
software.  Thus I was suggesting structuring something that is similar
to proprietary support, when looked at by people who make decisions.
And doing so in an honest way, of course.

But the bottom line is that things happen when someone does them.  This
is true of updates in pkgsrc-current and stable pullups both.

