[kwlug-disc] Security arguments
unsolicited
unsolicited at swiz.ca
Fri Oct 2 15:16:58 EDT 2009
This thread has given me deja vu. From the aforementioned 'Producing
Open Source Software' http://producingoss.com/en/index.html,
specifically, I think, but I'm not sure:
http://producingoss.com/en/setting-tone.html#code-review.
Paul's comments, especially:
    So it's left to each individual programmer to take
    responsibility for his own code, and make programming hard for
    himself: finding the best way to do a given task, and
    eliminating repetition. This takes time,
    money, patience, and attention to every detail.
reminds me how I so wish kwlug had a (community) project. Some way to
get my feet wet without having to try to do the whole thing myself,
alone, right off the bat.
From my own recent experiences, I've come to realize it doesn't even
have to be a coding project. And not even for kwlug - it could easily
be a set of kwluggers doing something for a community group.
Got me what it could / should be though.
Khalid Baheyeldin wrote, On 10/02/2009 9:39 AM:
>
> I will admit that being an open source programmer takes guts, but it's
> the kind that can be hedged.
>
>
> I would not go as far as to call it "guts", but there is certainly a fear
> factor involved, like other things that most people dread (public speaking,
> ...etc.).
>
> Once you have that mental barrier behind you, and release your first
> few modules/programs/..etc. for everyone to rip apart and criticize,
> it is no longer an issue. You will get praises and more users than the
> few complainers.
>
>
> As long as you don't release your code
> with the attitude and the expectation that your code is perfect,
> the community can be fairly forgiving.
>
> You don't have to pull a Dan Bernstein and scoff at everyone else while
> writing "perfect" software. :-) That's way too much pressure to put on
> yourself.
>
>
> Agreed.
>
>
> And by releasing incrementally, you let the users provide feedback, and
> everyone starts hammering out the bugs, including security bugs.
>
>
> A related point: leverage the community! Don't work alone. Free software
> is not only about freedom, but also about collaborative work. The community
> will extend your stuff in ways you never thought about. They will spot bugs.
> They will provide patches for bugs they or others find. They will upgrade
> your software to newer API versions. They will write documentation. They do
> advocacy for your software.
>
> Once you realize it is not "your software", but "our software" and you are
> a custodian/maintainer, all this comes together nicely.
>
> Oh, and challenge the complainers to contribute rather than criticize only.
>
> So, Use the Community, Luke ...