SAs [was Bunch of bugs reported by Ilja van Sprundel]

To: tech-kern%NetBSD.org@localhost
Subject: SAs [was Bunch of bugs reported by Ilja van Sprundel]
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Mon, 29 Jan 2018 15:37:12 -0500 (EST)

> I think we should have a discussion to change the way netbsd releases
> and security advisories are done.  they seem to be suitable for a
> large company, and netbsd is doesn't keep up with it.

Actually, based on what you write below, it seems to me you're trying
to change them to be suitable for a large company.  Specifically....

> security advisories are extremely tiresome to write, and contain a
> lot of useless information.  All I care is "is this security? how bad
> is it? maybe tell me a little about it? and give me a binary fixing
> it".

> Instead we include information about CVS revisions for people who
> might want to cherry pick the result, which is a lot of work to
> create and has marginal use.

Marginal use for you, perhaps.  I much appreciate them; they are the
information I need (or, more precisely, are much closer to the
information I need) to make an informed decision about whether I want
to try to get the fixes, and what I need to look at to get them.

I have no use for prebuilt binaries.  They usually won't run at all for
me, and, even if they did, I wouldn't use them.  I also have no use for
someone else's estimate of the severity.  They are usually wrong for me
(mostly because they are based on someone's incorrect assumptions about
what I am running on my machines and what I am using them for).

> We also don't provide the binaries.  [...] It would be more effective
> use of resources if we did a weekly signed build and pointed
> downloads to it, and provides the CHANGES entry somewhere on the
> website.

It depends on whom you are trying to make NetBSD serve.

If you are trying to take on Windows or Linux for the desktops of the
mass market?  Then, yes, you are correct.  But that would, I believe,
lead to NetBSD getting its butt handed to it in that competition,
because it simply doesn't have the resources to compete head-to-head
with the big incumbents.  Furthermore, I believe it would destroy even
more of the support NetBSD might still have among the geeks and
companies who roll their own based on it.

But, if you want NetBSD to continue to serve the niche it appears to
have decided to carve out for itself, I think such changes would be in
exactly the wrong direction.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: SAs [was Bunch of bugs reported by Ilja van Sprundel]
  - From: maya

References:
- Bunch of bugs reported by Ilja van Sprundel
  - From: Edgar Fuß
- Re: Bunch of bugs reported by Ilja van Sprundel
  - From: maya

Prev by Date: Re: Bunch of bugs reported by Ilja van Sprundel
Next by Date: Re: Bunch of bugs reported by Ilja van Sprundel
Previous by Thread: Re: Bunch of bugs reported by Ilja van Sprundel
Next by Thread: Re: SAs [was Bunch of bugs reported by Ilja van Sprundel]
Indexes:

Home | Main Index | Thread Index | Old Index