SCIENTIFIC-LINUX-USERS Archives

December 2020

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Yasha Karant <[log in to unmask]>
Reply To: Yasha Karant <[log in to unmask]>
Date: Thu, 17 Dec 2020 11:35:18 -0800
Content-Type: text/plain
Parts/Attachments: text/plain (133 lines)

I respectfully disagree with the analogy.  It is true that an open 
source available to rebuild (without IP logos, etc.) is far better than 
closed source for reasons of software engineering (and security) upon 
which I can elaborate if there is interest.

However, having any product enter wide use, and in particular, mission 
critical production use, without oversight is hazardous.  Everyone makes 
mistakes; however, some mistakes are bigger than others.  Professional 
designs can be very wrong (e.g., Chernobyl).  In the current epoch, Zoom 
is being widely deployed (it is default mandatory at my institution), 
but it was never tested at the current scale nor properly hardened, and 
is being patched as it is being used.

If the "bazaar" (or the "cathedral", for that matter) offers (sells) a 
good or service that has long term hazards, or even short term post-sale 
hazards, others may never be informed of the reality.  In terms of wide 
area network computer information systems, we no longer live in the 
epoch of Arpanet or even NSFnet -- we live in a hostile environment with 
constant attacks.  Without frequent counter-measures (often through 
revisions), not just use-inhibiting defects appear, but actual 
compromises are perpetrated, including identity theft for criminal 
actions (sometimes done within the laws of the nation-state employing 
the actors in a clandestine service).

On 12/17/20 9:14 AM, P. Larry Nelson wrote:
> This whole discussion brings to mind Eric Raymond's three essays;
> later an iconic 1999 book: "The Cathedral and the Bazaar".
> They discuss software development, culture and control, and business models
> between open-source and closed-source models.
> 
> A decent synopsis of them can be found here:
> https://informatics.bmj.com/content/23/2/488
> 
> They bear revisiting, I think.
> 
> 
> 
> Teh, Kenneth M. wrote on 12/17/20 10:14 AM:
>> Hear hear!
>> -------------------------------------------------------------------------------- 
>>
>> *From:* [log in to unmask] <[log in to unmask]> on behalf of Lamar Owen <[log in to unmask]>
>> *Sent:* Thursday, December 17, 2020 10:04 AM
>> *To:* scientific-linux-users <[log in to unmask]>
>> *Subject:* Re: Update from Rocky EL
>> On 12/16/20 9:55 PM, Yasha Karant wrote:
>>> ... The question I raised still needs to be addressed:  will Rocky EL 
>>> be done by paid professionals (as with SL or Springdale Princeton EL) 
>>> or will it be done by volunteers, some (many) of whom are "amateurs"? 
>>> I am very concerned about the use in a production professional 
>>> environment of an "amateur" port of RHEL.  ...
>> Conflating "amateur" with a lack of quality and "professional" with high
>> quality and guaranteed support is provably fallacious.
>>
>> One of the very first RHEL rebuilds, White Box Enterprise Linux, was, to
>> use your notation, a "professional" production, sponsored by and for the
>> Beauregard Parish Public Library in DeRidder, Louisiana (read "County"
>> where they write "Parish," it's a Louisiana thing); see
>> https://distrowatch.com/?newsid=01205
>>
>>
>> But being "professional" didn't guarantee success; the last release was
>> in 2007.  The "amateur" CentOS ended up with far better support with
>> mostly volunteers.  I have liked and respected the Scientific Linux
>> developers and their attitude for quite some time, but it honestly
>> wasn't a surprise to me when it was announced that there would be no
>> SL8.  The SL community seems to expect long-term support for any
>> arbitrary point release; that is really unsustainable with a small staff
>> and budget.
>>
>> "Amateurs" can afford to dedicate more time in some cases than
>> "professionals;" in my own field at $dayjob the whole science of radio
>> astronomy owes its very existence to a talented and persistent amateur
>> by the name of Grote Reber.  Sure, Jansky made the initial discovery
>> while on Bell Labs' payroll (as a "professional" he had to follow his
>> employer's money and go to the next project); Reber did the legwork and
>> got others interested, paving the way for "professional" radio 
>> astronomers.
>>
>> In another major area of physics, thermodynamics, medical doctor Julius
>> von Mayer was overshadowed by James Joule; it didn't help that von Mayer
>> was a medical doctor, not a "professional" physicist. (A good overview
>> of that history:
>> https://en.wikipedia.org/wiki/Mechanical_equivalent_of_heat#Priority
>> ).
>>
>> In computer science (using the non-ACM generalized definition of that
>> term), well, all I need to say is "Linus Torvalds."  The very kernel you
>> run was an "amateur" creation, and for a number of years had no
>> "professional" support.  Likewise, the Debian distribution was started
>> by "amateurs" and still has many "amateur" contributors; Ubuntu, a
>> supposedly "professionally"-supported distribution, bases its work on the
>> "amateur" Debian; a chain is no stronger than its weakest link, and if
>> any part of even a "professional" distribution is supported by
>> "amateurs" ... "professional" Linux distribution support is a house of
>> cards built on an "amateur" foundation.  It reminds me of the reasoning
>> in Ken Thompson's Turing Award acceptance lecture "Reflections on
>> Trusting Trust" (
>> https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
>> ).
>>
>> One problem with relying on "professional" staff is that the entity
>> paying that staff has direct oversight into how much time they spend on
>> those problems; the funding entity's goals and any particular end user's
>> goals may differ dramatically, and the goals of the funder will trump
>> the goals of the user.  A second problem is that the same "professional"
>> staff can be hired away by another company.  A third problem is that
>> "professionals" expect to be paid; where does the salary come from?  The
>> fourth problem is since there is very likely to be fewer "professional"
>> staff supporting a revenue-negative project, each "professional" becomes
>> extremely important or maybe even indispensable, and the project might
>> have a hard time surviving a "bus incident" or even a major hurricane.
>> I've witnessed all four of these issues first-hand. RIP Seth.
>>
>> The problem with "amateurs" is that they can quite literally walk away
>> without it negatively impacting their livelihood, and they're going to
>> work on what interests them, whether it interests the end-user or not.
>> I've witnessed "amateurs" walk away, try to delete everything they ever
>> contributed, and get mad when folks wouldn't forget what had been said.
>> At least with "amateurs" you can afford more of them, and have backups
>> for when people do leave.
>>
>> As far as Rocky Linux is concerned, there is a middle ground where you
>> might have some paid developers and some volunteers; nothing wrong with
>> diversity here.  I would expect that, just like the Linux kernel itself,
>> we'll see a mixture of paid developers and volunteers for Rocky
>> Linux.