Главная страница


ru.linux

 
 - RU.LINUX ---------------------------------------------------------------------
 From : Sergey Lentsov                       2:4615/71.10   07 Jun 2001  17:16:50
 To : All
 Subject : URL: http://lwn.net/2001/0607/letters.php3
 -------------------------------------------------------------------------------- 
 
    [1][LWN Logo] 
    
                                [2]Click Here 
    [LWN.net]
    
    Sections:
     [3]Main page
     [4]Security
     [5]Kernel
     [6]Distributions
     [7]On the Desktop
     [8]Development
     [9]Commerce
     [10]Linux in the news
     [11]Announcements
     [12]Linux History
     Letters
    [13]All in one big page
    
    See also: [14]last week's Letters page.
    
 Letters to the editor
 
    Letters to the editor should be sent to [15]letters@lwn.net.
    Preference will be given to letters which are short, to the point, and
    well written. If you want your email address "anti-spammed" in some
    way please be sure to let us know. We do not have a policy against
    anonymous letters, but we will be reluctant to include them.
    June 7, 2001
    
    
 From:    "Michael Hunt" <michael.j.hunt@usa.net>
 To:      <letters@lwn.net>
 Subject: Some positive thoughts on the Desktop section
 Date:    Thu, 31 May 2001 12:30:24 +0100
 
 It seems lately that Hammel has been getting some flack over his writings
 for LWN's Desktop section and while I can see the point of peoples claims
 (i.e. that the feel of the writing is not in the tradition or spirit of LWN)
 I do want to point out some positive points (since I am ever the optimist).
 
 1. This weeks Desktop section was the best so far and I think much more in
 line with what readers expect from LWN. Having read Michael's GIMP book the
 expertise on Linux printing is to be expected and shows through and I wish
 to applauded him for the quality of it.
 
 2. His pointers to good resources on the subject of printing showed research
 and allowed people who were interested in the topic to pursue it, while
 leaving others free to move on.
 
 3. Comment was concise and to the point. It was also stated in a "mater of
 fact" way not a "I think this is right".
 
 4. News coverage was to the point and not long winded.
 
 I understand that any new direction that LWN takes is going to be meet with
 challenges such as readership acceptance, maintaining of style, keeping your
 core focus etc. So far the desktop section has not entirely meet all of
 these satisfactorily but if this weeks edition is anything to go by you are
 getting much closer.
 
 Michael Hunt
 An Aussie in Africa
 
 P.S. As a GNOME user I have enough trouble just trying to stay up to date
 with it let alone all the other desktops out there.
 
    
 From:    Hans-Peter Fischer <hp.fischer@heidenheim.com>
 To:      letters@lwn.net
 Subject: On The Desktop
 Date:    Thu, 31 May 2001 19:10:51 +0200 (CEST)
 
 Dear editor,
 
 I am writing to you because I am somewhat appalled by the hostile reaction of
 some of your readers to Michael J. Hammel's desktop column, especially Bret
 Mogilefsky's arrogant "he's got to go" comment. Have all these self-made
 desktop experts who can't stand witnessing somebody learning something
 forgotten how to skip an article they don't like?
 
 I have no intention to either install KDE or Gnome on my machine because I
 don't see what they could possibly do for me that fvwm2 can't and because I
 like all my applications look and behave differently, but I still enjoy reading
 Mr. Hammel's column simply because it is well written, and sometimes also
 informative.
 
 What I find annoying about LWN is something totally different, namely that it
 has become more and more "business-minded" over time, and apparently so without
 any member of the "free" Linux community complaining.
 
 So why not split LWN in two: one edition about Linux - in which there would
 certainly be a place for Mr. Hammel - and one about stock quotes and business
 with/on Linux?
 
 Yours sincerely,
 
 Hans-Peter Fischer
 
 --
 Visit [16]http://www.hei-news.de/
 
    
 From:    Robert L Krawitz <rlk@alum.mit.edu>
 To:      letters@lwn.net
 Subject: Printing
 Date:    Thu, 31 May 2001 21:05:19 -0400
 
 I read the On The Desktop section of your May 31 edition with
 considerable interest.  As the project lead for Gimp-Print, I'd like
 to explain the relationship between Gimp-Print, the GIMP, CUPS, and
 other printing systems.
 
 Gimp-print has indeed seen a major overhaul.  It is no longer just the
 Print plugin for the GIMP; it can be used with CUPS, Ghostscript,
 Foomatic ([17]http://www.linuxprinting.org/foomatic.html), and (via
 Ghostscript) plain unadorned lpd and LPRng.  At the core, it's
 organized as a set of dithering routines, color management (of a
 sort, presently rather ad-hoc), and a collection of drivers for the
 main families of printers we support (Epson, HP, Lexmark, and Canon).
 In 4.1 (the current development mainline), this was organized into a
 shared library that applications that need to generate printer output
 link against.  The current clients of this library are the GIMP Print
 plugin, a CUPS driver, and a Ghostscript driver (named "stp" when
 compiled into Ghostscript).  Using this package directly through
 Ghostscript is not recommended due to the large number of options;
 it's much more convenient to use it with CUPS or Foomatic.
 
 The GIMP plugin aside, the package is strictly a driver package.  We
 leave spooling and rendering to people who are experts in that field,
 and work with those people to ensure that the interfaces between
 layers are appropriate for our needs.
 
 The focus of this project (at least since I started working on it) has
 always been on high quality output, comparable to or better than OEM
 drivers in many cases.  Some of our developers have backgrounds in
 color and dithering theory and practice, and this has been of enormous
 value to the project.  We're working on supporting additional
 printers, including high end professional devices such as the Epson
 Stylus Pro series of printers.
 
 I think that the name of the project, Gimp-Print, is confusing to many
 people; it's easy to assume that it's just the GIMP plugin.  However,
 we've never succeeded in coming up with a better name, and to be
 perfectly honest, the association with the GIMP (the premier free
 end-user graphics application) isn't anything to be ashamed of :-)
 
 --
 Robert Krawitz <rlk@alum.mit.edu>      [18]http://www.tiac.net/users/rlk/
 
 Tall Clubs International  --  [19]http://www.tall.org/ or 1-888-IM-TALL-2
 Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
 Project lead for Gimp Print/stp --  [20]http://gimp-print.sourceforge.net
 
 "Linux doesn't dictate how I work, I dictate how Linux works."
 --Eric Crampton
 
    
 From:    "Kevin Postlewaite" <kevin.postlewaite@tumbleweed.com>
 To:      "'lwn@lwn.net'" <lwn@lwn.net>
 Subject: Response to LWN's statement about Linux security costs
 Date:    Thu, 31 May 2001 12:25:25 -0700
 
 In LWN's front page article about the relative security costs of Linux
 versus Windows, you wrote:
 "While it is nice to see a (hopefully) objective result that favors Linux,
 it is also a little disappointing. 5-15% is a fairly small margin; we should
 really be able to do better than that. It's a start, anyway. "
 
 I used to work for PricewaterhouseCoopers auditing computer security of our
 clients.  We would go in and try to penetrate our clients' systems (with
 their permission, of course).  The main flaws that existed did not have to
 do with the particular OS but depended on the skill and conscientousness of
 the system administrators, as well as the computerl security education of
 the company's employees.  The most successful penetrations were obtained
 when some sysadmin would set the root password to root (or better yet, none
 at all) or have the Windows Administrator password be Administrator.  Also,
 a surprisingly high number of employees would gladly give out useful
 information (including accounts and passwords) to people that they didn't
 know over the phone.  People were the weakest link, not the OSes.  Thus, I
 wouldn't expect that the underlying OS would affect the expected damages by
 much.  Far more important than installing Linux is educating the users(not
 that they shouldn't install Linux anyway :-) ).
 
 -Kevin
    
 From:    "First Name Last Name" <spamalabasura@my-deja.com>
 To:      letters@lwn.net
 Subject: Software Auditing
 Date:    Fri, 1 Jun 2001 13:39:32 -0700
 
 Dear LWN editors,
 
 I read your front page article on the auditing of free software. You make a
 good point that not enough auditing is being done.
 
 Your articles in LWN can play a very beneficial role in encouraging more
 people to participate in the auditing process. Instead of describing
 auditing as 'tedious' and auditors as 'obscure participants' you could
 focus on successful code auditors. Probably the most active community in
 the auditing scene of Free Operating Systems is OpenBSD, led by Theo
 DeRaadt. For OpenBSD hackers, auditing is not tedious and auditors are
 'star players'!
 
 All areas of software can be interesting once you find the right
 community. Some people say that writing installation packages is boring but
 you can ask Debian developers and they'll give you a very different
 perspective.
 
 In future editorial articles on the state of Linux auditing, you could add
 links to interviews to OpenBSD hackers on how fascinating code auditing can
 be and also add some pointers on where to learn more about this subject.
 
 Approach this subject with enthusiasm and you will encourage more people to
 do something similar for Linux.
 
 Best Regards,
 
 Eusebio C Rufian-Zilbermann
 
 ------------------------------------------------------------
 
    
 From:    "Charles Hethcoat" <CHETHCOA@oss.oceaneering.com>
 To:      <lwn@lwn.net>
 Subject: On the auditing of free software
 Date:    Fri, 01 Jun 2001 17:02:11 -0500
 
 I think your outlook on auditing of code is a tad pessimistic.  Sure, code
 may sit there for years, but I feel it probably gets the attention that it
 warrants.  That is, if it gets little attention, then it's probably doing
 its job pretty well.
 
 The key condition, to me, is that the code is _there_, available for review
 when necessary.  When some situation arises that triggers an widespread
 audit, then a rapid period of bug squashing ensues.
 
 Having open code helps assure that the number of bugs steadily approaches
 zero over time.  The time scale may be hours, days, or years, but I find it
 reassuring to know that it's headed in the right direction.
 
 Compare this to the situation with closed code.  Here, you don't have any
 assurance that anybody is doing anything, at least if you are not a part of
 the organization that owns the code.  Look at how the immortal DOS and
 Windows bugs remain a part of the landscape forever, even though they are
 widely known to have caused all sorts of problems for people.
 
 Charles Hethcoat
 Oceaneering Space Systems
    
 From:    Mike Coleman <mkc@mathdogs.com>
 To:      letters@lwn.net
 Subject: Re: The Boundaries of GPL
 Date:    Thu, 31 May 2001 23:29:14 -0500 (CDT)
 Cc:      "Chad C. Walstrom" <chewie@wookimus.net>
 
 Chad C. Walstrom's suggestion that the Linux kernel licensing issues could be
 solved by "unifying" the copyrights of code contributed to the kernel,
 transferring "copyright control" to the FSF or a newly created non-profit
 organization, begs the question.  The problem itself is that it is not feasible
 to get all of the past contributors to agree to anything, including any such
 transfer.  (Many would see this as good fortune rather than a problem, in any
 case.)
 
 I believe Mr. Walstrom's characterization of RMS and the FSF as "Marxist-like"
 is a baseless attack.  If he feels that they are a bit too left-leaning for his
 tastes, though, then he must be absolutely howling with rage at those
 corporations and individuals who (pounding their shoes on the podium) insist
 that of us who GPL our software are obliged to instead give our work away
 without compensation (i.e., by switching to a non-GPL license).  Marxist indeed
 !
 
 --
 Mike Coleman, mkc@mathdogs.com
   [21]http://www.mathdogs.com -- problem solving, expert software development
 
    
 From:    Fred Mobach <fred@mobach.nl>
 To:      Linux Weekly News <lwn@lwn.net>
 Subject: Re: The Boundaries of GPL
 Date:    Sat, 02 Jun 2001 23:03:13 +0200
 
 "Chad C. Walstrom" <chewie@wookimus.net> wrote :
 
  I highly doubt that all the Linux kernel developers could be convinced
  to sign over copyright control to their contributions to the FSF, as
  not too many people buy in to the Marxist-like views of RMS and the
  FSF.
 
 It is still every time very offending to read about the "Marxist-like"
 views of Richard Stallman. Mr. Walstrom should _prove_ why he states
 this or he should shut up. A little bit of study on marxism and the FSF
 might help him, although I'm not sure ;-).
 
 Regards,
 
 Fred
 --
 Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
 Systemhouse Mobach bv - The Netherlands - since 1976
 
 The Free Transaction Processing Monitor project : [22]http://www.ftpm.org/
 
    
 From:    "Chad C. Walstrom" <chewie@wookimus.net>
 To:      Mike Coleman <mkc@mathdogs.com>
 Subject: Re: The Boundaries of GPL
 Date:    Fri, 01 Jun 2001 02:51:51 -0500
 Cc:      letters@lwn.net
 
 To Mr. Mike Coleman:
 
 Howling?  Baseless attack?  You misinterpret me quite wildly, and base
 some far fetched assumptions about my character from that
 misinterpretation.  My classification of FSF policies as Marxists is
 not an attack at all.  To refute this classification, however, is in
 most cases an amusing knee-jerk reaction to a "bad word".  I do not
 place a value upon the policies the Free Software Foundation or of
 Marxism in general, I simply pointed out a commonly accepted
 observation that the FSF exemplifies many of the same principles.  The
 question about my personal position has no bearing on the
 conversation.
 
 What we do agree on, to some extent, is that it may be difficult to
 "sign over" control of the Linux kernel from each of its contributors
 to the FSF or any other centralized foundation.  Organizing such a
 move is no small task.
 
 Regardless, these logistics are somewhat off-topic in reference to the
 original article, which addressed the relationship between a GPL
 software product and proprietary modules that interface with that
 product.  It is a topic that relates to any similarily licensed
 products, and one that needs further legal clarification.
 
 --
 Chad Walstrom <chewie@wookimus.net>                 | a.k.a. ^chewie
 [23]http://www.wookimus.net/                            | s.k.a. gunnarr
 Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
 
    
 From:    Tres Melton <class5@pacbell.net>
 To:      letters@lwn.net, djb@cr.yp.to, rms@stallman.org, class5@pacbell.net
 Subject: License trouble everywhere.
 Date:    Sat, 02 Jun 2001 02:41:57 -0600
 
 Dear Editor,
 
         I realize that I'm a little late in addressing this issue as you
 wrote about it in the 24 May 2001 issue.  But after reading Richard M
 Stallman's speech and various other tidbits regarding the licensing of
 ip_filter and tcp_wrappers
 ([24]http://bsdtoday.com/2001/June/Features496.html) I thought that this
 issue might need to be re-examined.  Particularly in light of the other
 article that you wrote regarding djbdns.
 
         You mentioned the license as not being free to modify and redistribute
 djbdns (qmail, and ucspi-tcp).  The reasons for this are Mr. Bernstein's
 and are related to security.  It seems that he doesn't want to have
 modified versions that might have security problems running around the
 Internet for people to download thinking that he has given them his
 blessing.  I have been a programmer for many years but security is not
 my forte.  I have audited his code (to the best of my abilities) and am
 reasonably sure of its security; enough to be running his software on my
 machines.  I find his code to be exceptionally clean and well thought
 out. This is in stark contrast to some of the other servers (sendmail,
 bind, etc.) that are distributed with the various GNU/Linux
 distributions.  These programs seem to focus on features to the
 detriment of security.
 
         Was it not a security flaw in sendmail that brought the Internet to its
 knees in the 80's?  I believe the first time the major news outlets
 covered the Internet was to say that it was being devasted by an unkown
 problem and most of the major sites were pulling the plug to The 'Net
 until they could fix it. Although that was a bit before my time I'm
 currently very aware of the various bugs that have been exploited
 recently in multiple BIND vulnerabilities to create a multitude of
 migrains for various system administrators throughout the world.
 
         A great deal of software that I use that is considered free and/or open
 and I enjoy tinkering with it. I also enjoy the new features that come
 out on a regular basis.  Unfortunatly some of these features come out
 without serious thought put into their security.  When it comes to
 running these programs on my desktop, behind my firewall, with limited
 local access, I can easily tolerate these mistakes in the name of
 progress.  When it comes to a corporate server that is exposed to the
 Wild, Wild, 'Net that is a different story.  In that case I'm very
 thankful that programs written by Mr. Berstein have his seal of
 approval; not to mention having survived the security bounty that he has
 placed on these programs:
 
 [25]http://cr.yp.to/djbdns/guarantee.html
 "I offer $500 to the first person to publicly report a verifiable
 security hole in the latest version of djbdns"
 
 I believe that qmail had a similair bounty for awhile too.
 
         I realize the difference between DJB's programs and ipfilter is that
 ipfilter is embedded within an OS with its own license and not running
 ontop of it as a service.  And I'm not sure how to address a license
 that is a small part of a whole product with a different license, as in
 the case of BSD and ipfilter.  I do know that I'm willing to accept
 things like:
 
 [26]http://cr.yp.to/qmail/dist.html
 If you want to distribute modified versions of qmail (including ports,
 no
 matter how minor the changes are) you'll have to get my approval. This
 does not mean approval of your distribution method, your intentions,
 your
 e-mail address, your haircut, or any other irrelevant information. It
 means a detailed review of the exact package that you want to
 distribute.
 
 if it means that I can be assured that the code has undergone a thorough
 security audit by the author and has his/her seal of approval.  I know
 that Linus keeps a tight leash on 'his' kernel: as distributed by
 kernel.org but that it doesn't always get the review that it might
 need.  The various forks of Linux are even more murky.  I would be in
 favor of the firewalling code and other security portions of the kernel
 either not being modified or having the modifications approved by the
 authors.  I know that RMS might not agree but he has the expertise to
 verify his own code.  Some of us do not.  The freedoms granted by the
 GPL are very important to me but so is secure code.  There are certain
 circumstances in which I would be willing to forgo
 the third freedom of the FSF as RMS put it:
 
 [27]http://www.gnu.org/events/rms-nyu-2001-transcript.txt
 (aprox 1/3 of the way down)
 And Freedom Three is the freedom to help build your community by
 publishing an improved version so others can get the benefit of your
 work.
 
 The only places that I would forgo this freedom is in the area of
 security.
 Perhaps the solution is to change the license to include an author's
 seal of approval and allow modification provided that the seal of
 approval is removed.
 
         Afterall what would happend to qmail if DJB got hit by a truck and
 later a bug was discovered.  Could it never be fixed?  Would the
 software fade away?  What if he gets hit before he migrates djbdns to
 IPv6?
 
 What would happen to these quality pieces of software?
 
 Tres Melton
 class5@pacbell.net
 
    
 From:    Richard Stallman <rms@gnu.org>
 To:      class5@pacbell.net
 Subject: Re: License trouble everywhere.
 Date:    Sat, 2 Jun 2001 14:48:49 -0600 (MDT)
 Cc:      letters@lwn.net, djb@cr.yp.to, class5@pacbell.net
 
 It is clear that your goals and values are very different from mine.
 I don't think technical merit can make up for a lack of freedom to
 distribute modified versions, any more than a capable despot who makes
 the trains run on time can make up for a lack of democracy.
 
    
    
                                                                          
    
    [28]Eklektix, Inc. Linux powered! Copyright Л 2001 [29]Eklektix, Inc.,
    all rights reserved
    Linux (R) is a registered trademark of Linus Torvalds
 
 References
 
    1. http://lwn.net/
    2. http://ads.tucows.com/click.ng/pageid=pageid=132-000-001-001
    3. http://lwn.net/2001/0607/
    4. http://lwn.net/2001/0607/security.php3
    5. http://lwn.net/2001/0607/kernel.php3
    6. http://lwn.net/2001/0607/dists.php3
    7. http://lwn.net/2001/0607/desktop.php3
    8. http://lwn.net/2001/0607/devel.php3
    9. http://lwn.net/2001/0607/commerce.php3
   10. http://lwn.net/2001/0607/press.php3
   11. http://lwn.net/2001/0607/announce.php3
   12. http://lwn.net/2001/0607/history.php3
   13. http://lwn.net/2001/0607/bigpage.php3
   14. http://lwn.net/2001/0531/letters.php3
   15. mailto:letters@lwn.net
   16. http://www.hei-news.de/
   17. http://www.linuxprinting.org/foomatic.html
   18. http://www.tiac.net/users/rlk/
   19. http://www.tall.org/
   20. http://gimp-print.sourceforge.net/
   21. http://www.mathdogs.com/
   22. http://www.ftpm.org/
   23. http://www.wookimus.net/
   24. http://bsdtoday.com/2001/June/Features496.html
   25. http://cr.yp.to/djbdns/guarantee.html
   26. http://cr.yp.to/qmail/dist.html
   27. http://www.gnu.org/events/rms-nyu-2001-transcript.txt
   28. http://www.eklektix.com/
   29. http://www.eklektix.com/
 
 --- ifmail v.2.14.os7-aks1
  * Origin: Unknown (2:4615/71.10@fidonet)
 
 

Вернуться к списку тем, сортированных по: возрастание даты  уменьшение даты  тема  автор 

 Тема:    Автор:    Дата:  
 URL: http://lwn.net/2001/0607/letters.php3   Sergey Lentsov   07 Jun 2001 17:16:50 
Архивное /ru.linux/2030808c78760.html, оценка 2 из 5, голосов 10
Яндекс.Метрика
Valid HTML 4.01 Transitional