From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: border1.nntp.dca3.giganews.com!backlog3.nntp.dca3.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!feeder.erje.net!eu.feeder.erje.net!newsreader4.netcologne.de!news.netcologne.de!npeer.de.kpn-eurorings.net!npeer-ng0.de.kpn-eurorings.net!newsfeed.arcor.de!newsspool4.arcor-online.net!news.arcor.de.POSTED!not-for-mail Date: Sat, 19 Apr 2014 21:13:58 +0200 From: Georg Bauhaus User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: OpenSSL development (Heartbleed) References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com> <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net> <5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Message-ID: <5352caf7$0$6705$9b4e6d93@newsspool2.arcor-online.net> Organization: Arcor NNTP-Posting-Date: 19 Apr 2014 21:13:59 CEST NNTP-Posting-Host: 5cc0aeb4.newsspool2.arcor-online.net X-Trace: DXC=N<6UN; iOcbeEB; 5>eE0T7mA9EHlD; 3Ycb4Fo<]lROoRa8kFejVhoGHV1S8c2`ongPnSRb06 On 19/04/14 19:06, Yannick Duchêne (Hibou57) wrote: > Le Sat, 19 Apr 2014 18:34:13 +0200, Georg Bauhaus a écrit: > >>> That's a well established fact in the software area, so the assumption is honest enough. >> >> That Funding = Quality_Assurance is a repeatedly established >> belief in talking about the "software area", so the only thing >> one can honestly assume is that people are going to repeat it. > > Not a belief, a practical fact. It happens I discovered bugs in some misc open‑source software, > but either did not solved/investigated it, because I have enough things to solve in my own life. > If helping others in solving this would have make them help/support me in return, this would have been different. So you were presuming that if you had done something, they would not have done something in return to help you? Your fact so far seems this: "In my real life I didn't do something, because I didn't expect returns." OK. Do we have reasons, not opinions, to generalize this description in ways that are demonstrably applicable to cases like Heartbleed? So that economic decisions can be based on facts? (If they ever are.) > Another variant is when it happened I discovered bugs, investigated these, proposed a fix, > and the fix was rejected for mysterious reasons and I did not insist because >I did not have time to fight for this, for similar reasons as above. What does funding or not of their project have to do with reasons forrejection? And what does funding or not of their project have to do with rejection or not? And what does funding or not of your project have to do with (reasons for) rejection? Apple, for example, is known to be secretive about how they will finally react, or not react, to bug reports. They are well funded. Thus it might be an ideal situation when funding means maintenance and (responsive) support, but I don't see that funding entails the latter two. > That's just real life. There is a well known philosophy in the Ada world, which cleverly says “programming is a human activity” with a strong emphasis on “human” and it's characteristics, which means, it's not something outside of human contingencies. Right, and rhetoric is a well established human activity, too. Human activities is what may or may not turn the hypothesis that Funding = Quality_Assurance into a fact, in each case.