On 09.12.2014 at 00:31, Stephen John Smoogen wrote:
On 8 December 2014 at 16:17, Mike Pinkerton <pselists@xxxxxxxxxxxxxx> wrote:
We could have decided to double-down on growing that enthusiast segment, but, first, that's not what the people who showed up to do the work decided; and second, I actually think we continue to serve the hackers and tinkerers very nicely with the spins and nonproduct option. What we're not doing is expanding
I'm not suggesting that Fedora not expand into a new market segment. I'm simply suggesting that you not abandon existing users in order to do so.
That works in a standard commercial environment where you are able to get the original users to 'give payment' which helps continual funding that work. However in a volunteer organization.. if people don't do the work, then it isn't going to get done. And there is always a lot of work in keeping something going from release to release.
the opposite is true
in a commercial environment you need to release new features and versions (even if nobody really needs them) and marketing as well as EOL all the time to force users to buy updates
in an opensource environment that pressure doesn't exist because you sell nothing more or less by a change, you even have users who switched to an opensource OS to get rid of the ongoing bloat of new versions while you are happy with the existing software but need to upgrade because otherwise you have no support, bugfixes and security updates
i see that massively all the time around me with Apple and Adobe products where users are angry most of the time because things are changed, new bugs introduced, old ones not fixed but you need to update
the same for commercial office products and so on
sometimes even the only reason forcing you to upgrade is because the vendor changed the default file-format in an incompatible way and you get more and more documents from the outside world created with the new versions and you can't open them
I also think you're also kind of setting up an argument against something no-one is for. "Secure by default" is not a well-defined term,
I can't quite parse that, but I think you are intentionally misunderstanding what I wrote. "Secure by default" might not be a detailed specification, but it is certainly understood as a general user expectation, one that I think Fedora has heretofore generally met.
No, even in the security community.. it has no single idea. I have spent more time getting multiple teams to define each's version of "secure by default" so that they quit arguing that the other guys aren't that way.. I don't agree with how the firewall is set up on workstation, but I have seen multiple definitions that match "secure by default" that it still meets
the security community is usually very clear:
* forbid as much as you can by default
* allow only what *really* is needed to get the work done
* start as few processes as possible
* keep code as small and understandable as possible
what is not open, not loaded and not running is hard to attack