[SATLUG] The difference between Linux and OpenSSL

hc at lookcee.com
Sat Apr 19 14:08:15 CDT 2014


I think both you guys are right. Bruce is absolutely correct that no single person or group can say with absolute certainty that 370K+- lines of code will be perfect with zero bugs. Borries is correct in that if more money were available to assist in supporting a decent staff, the chance of bugs existing in the final code would be reduced.

Recently, due to lack of funds, I had a hardware problem and was forced to use an old, outdated install of Ubuntu (no longer supported and refusing to update) and Windows XP. I chose to use the partly crippled Linux except in a few cases where I was forced to use XP, and it quickly reminded me why I switched to Linux 6-7 yrs ago. Nearly every time I used XP I had to run the virus and malware cleaners to remove problems, and I often spent hrs trying to get rid of pervasive nasty thangs that kept reinstalling themselves, often embedded in the registry and hidden. It really taxed this ol 83+ yr old head. Verbose way of saying 'God I love Linux'. I am so glad to have a nice fast box running Mint 15, smooth as silk, and most everthang just works. Did I mention all for free!
 
I am also thankful for this list and the persons that post on it. Even ol dogs learn new tricks, and I learn so much from u guys. Thanks a bushel & a peck!
herb
 
On Saturday, April 19, 2014 13:03, "Borries Demeler" <demeler at biochem.uthscsa.edu> said:
> The article lists a $2k *donation* budget and 1 full time employee in
> charge of OpenSSL vs. solid funding thanks to the commercial backers of
> Linux you mention. They say the issue of under-funding for some other
> crucial open source initiatives is pervasive and a similar problem.
> Also, they make a point of how wide-spread Linux is and how few people
> actually know that. My point is that unlike the Mars lander you mention
> (which did have sufficient funding) it is impressive how far OSS has
> come often without solid funding, but more could be accomplished with
> more funds. So it definitely *does* matter how much money is "thrown at
> the problem".
> 
> -b.
> 
> On Sat, Apr 19, 2014 at 11:45:44AM -0500, Bruce Dubbs wrote:
> > Borries Demeler wrote:
> > >Lack of funding is the problem of many open source projects, despite
> > >their incredible importance. This is made pretty clear in this article:
> > >
> > >http://bits.blogs.nytimes.com/2014/04/18/openssl-and-linux-a-tale-of-two-open-source-projects
> >
> > I can't read it because they want me to register and I don't want to
> > do that.
> >
> > But let me make some comments.  Red Hat, SuSE, and Ubuntu have the
> > funds to do QA for critical programs.  They either chose not to do
> > that or missed the problem too.  How many full time equivalent (FTE)
> > personnel are needed for good software QA for the critical
> > components such as openssl, openssh, gpg, stunnel, etc.
> >
> > ALL software is subject to bugs.  The issue is how far after
> > injection do the bugs get before they are removed.
> >
> > No matter how much the software is examined, the potential for some
> > bug getting through is still there.  It doesn't matter how much
> > money is invested.  The really impressive feat in the relatively
> > recent past was the Mars lander.  That it was successful at all was
> > a tremendous feat of quality control.  However, if you dig down, I
> > bet they have made changes at different times to the code due to
> > unforeseen issues.  Remember the crash because they didn't convert
> > between English and metric units?
> >
> > If it were proprietary code, how long would it have taken to
> > discover the problem?
> >
> > What is the bug density of open source vs proprietary?
> >
> > http://www.coverity.com/press-releases/annual-coverity-scan-report-finds-open-source-and-proprietary-software-quality-better-than-industry-average-for-second-consecutive-year/
> >
> > Looking at the openssl tarball, there are 349,834 lines of .c code
> > and 97,247 lines of headers in 1191 files.  Subtract about 50 lines
> > from each file for the copyright header and you get about 370K SLOC.
> >
> >   -- Bruce
> >
> > --
> > _______________________________________________
> > SATLUG mailing list
> > SATLUG at satlug.org
> > http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
> > Powered by Rackspace (www.rackspace.com)
