

KDE 3.1 Delayed - For A Very Good Reason 31
woobieman29 writes "KDE.news reported on Saturday that the KDE 3.1 release that was scheduled for this week has been delayed until early January. This is happening due to some security concerns that have arisen during a security audit of the 3.1 CVS tree. Kudos to the KDE team for making sure that the product is fully baked before release.!"
Thank God (Score:1)
Re:Thank God (Score:3, Funny)
Imagine the mess we'd be in if Microsoft could do this? Half of my gripes with M$ software stem from bugs and security holes. Now that they've become a monopoly by killing the competion, as opposed to outselling them via a offering a better product, they could take the time to squash bugs and plug holes. If all my practical reasons for disliking M$ go away, I'm left with nothing but dislike for their business practices...which are subjective decisions. That would certainly be a major blow to the anti-M$ crowd.
Re:Thank God (Score:3, Insightful)
You can blame market research for finding the desire for those "features", to be sure, but a lot of this stuff was put there because people wanted it there.
Re:Thank God (Score:2)
If adding features to your product introduces potential for known exploits that didn't previously exist (the potential, not the exploits), then you don't add the features. Doing so is brain-dead. And *that* we can scream at Microsoft for.
If I know that language X was designed to be sandboxed by a bytecode interpreter, and I remove that sandbox, then I'm perfectly responsible for any behavior that didn't get contained by that code.
Re:Thank God (Score:1)
Re:Thank God (Score:2)
Microsoft actually spends more time developing new features than fixing bugs... as a programmer I can tell you, working out the kinks in a program takes longer than writing a first draft (ie microsoft final release).
For starters it gives people a false idea of where technology is... Microsoft releases "features" and "conviences" before they are safe and bug free... this is technology that doesn't really exist yet in a stable and/or secure state (although there are other alternatives of the same "features" that are usually put out not long thereafter by those who were working on the same thing but bothered to run a debugger.).
I'm not saying every other developer is more responsible than microsoft, I'm saying microsoft is irresponsible.
They aren't the only ones, they are just the only ones with a 90+% desktop market monopoly that shapes the minds of those first getting into computers.
People complain about those who single out microsoft. i can't speak for anyone else, but for the most part when i complain about microsoft it is due to something bad they are doing, that is bad because of, or a largely impacting issue because of their blatant monopoly.
More would remain (Score:2)
You still wouldn't be able to reconstruct the system to do anything else than what you've been given dialog settings for. Unless the Windows Registry is considered as efficient a way to configure things as configurations files + man pages + source. Or rebuilding that is considered part of the bugsquashing campaign. Which it should be, given the design.
And then there's the price. And spirit. Like, what fun would it be running around rebooting machines instead of chatting in irc about configuration details?-)
RC? (Score:5, Insightful)
Obviously delaying the release until the security holes are fixed is the only course of action.
Since the betas and RC are now going to be exposed to the world for longer, are the security holes going to be disclosed so that we can take some action to secure our systems that are running these pre-release builds?
Re:RC? (Score:5, Informative)
I'm not going to karma whore and give you links to the holes themselves, but this [kde.org] is a good place to start. They disclose holes as they happen; it's open source. Systems that choose to run thes pre-release builds accept such risks anyways.
Re:RC? (Score:3, Insightful)
They don't have to. After all, betas and even RCs are clearly not guaranteed to be bug free. Developers don't even have the moral obligation to support them. If you are concerned about [security] bugs, run a stable version.
Re:RC? (Score:1)
Re:This is indeed awesome news (Score:1)
Re:This is indeed awesome news (Score:1)
I have a number of them and I have to download a monthly price list from a vendor that is a
I guess I'll have to figure out how to install Office 2k2 under WINE...
Good for Them (Score:5, Funny)
In other news, uppon reading this, Microsoft declared a company wide day of laughing, stating "...this is the most rediculus strategy we've ever seen! Why if we did this, we'd still be working on DOS 4 or 5." Later in the conversation, the spokesperson asked to take back that statement and said if we printed it the BSA would come after us for liscenses.
Gotta go, there is a knock on the door...
Re:Good for Them (Score:5, Funny)
On the contrary, MS makes sure that their products are fully toasted after release.
Details on the concerns? (Score:2, Interesting)
Re:Details on the concerns? (Score:2, Funny)
Well, I suppose they could tell you, but then they'd have to kill you.
Re:Details on the concerns? (Score:2)
Re:Plus ca change (Score:3, Insightful)
Double standard. (Score:1)
Sure, they might not say they're doing security audits, but who can blame them? They have many corporate partners who would see security auditing as an indication of flawed software.
Just keeping things in perspective.
Re:Double standard. (Score:2)
Or maybe they are waiting for the monopoly lawsuits to have time to blow over so nobody will be looking very close. They could also be giving people time to swallow the XP license, I mean, if they delay the next release the subscribers might think "that wasn't so bad" and then they will start churning them out at their usual release cycle, what is that, 200mb of first draft code (that never goes past first draft) a week?
Double standard? No. (Score:1)
See http://www.law.gwu.edu/facweb/claw/Vaporware.htm