← Back to context

Comment by fc417fc802

19 hours ago

Why should anyone get to determine that? Do people really want us to move to an exclusionary guild system? I thought the experience with proprietary versus open source over the past 30 years had driven home the point that closed ecosystems are almost always far worse for security.

19 comments

fc417fc802

Reply
tredre3  3 hours ago

> the experience with proprietary versus open source over the past 30 years had driven home the point that closed ecosystems are almost always far worse for security.

Has it? Can you prove it? I've been using computers for almost 40 years. I've seen foss-enthusiasts repeat that claim ad-nauseam, without proof. All they ave is the vague, hand-wavy, "millions of people read the code!!11".

I use both proprietary and foss software. I write both proprietary and foss software. I have not noticed a meaningful difference in security.

  • fc417fc802  2 hours ago

    Then I think you haven't been paying attention. We regularly see examples of companies attempting to cover up vulnerabilities, attacking security researchers, dragging their feet on fixes, etc. Meanwhile you can easily see for yourself how long it takes various FOSS projects to get patched and often what the attitude of the devs is.

    You can also take an aggregate view. Presumably skilled developers working on major projects should be expected to have similar rates of security issues. So compare CVE frequency between various FOSS and closed source projects.

lazide  16 hours ago

Additionally, even if there is a guild - no guild ever let a vendor pick and choose what their capabilities were, that would be insanely dumb.

  • estearum  13 hours ago

    Vendors choose what capabilities they create and sell literally all day every day.

    • fc417fc802  6 hours ago

      A more charitable interpretation might be that a guild would not be expected to passively allow such a situation to continue to exist. I think you'd expect a guild to directly contract for the desired tools or failing that to move into production themselves.

      1 reply →

    • ambicapter  11 hours ago

      You should read that sentence as

      > Additionally, even if there is a guild - no guild ever let a vendor pick and choose what [the guild's] capabilities were, that would be insanely dumb.

      12 replies →