From: Sean E. <sea...@bi...> - 2004-01-28 18:49:29
My thoughts on the matter:

The very crux of the Open Source development model is community. If you're reading this list, you probably already know that Gaim is developed and used by a community. Everyone who uses, develops, translates, or audits for security issues such as the ones in question is part of this community. Community is very important. Just to make my point clear, I'm going to say the word "community" two more times. Community. Community.

As with any community, we all take different roles. Some of us take on roles with more responsibility than others, but any role in a community has inherent responsibility. As developers, it is our responsibility to write new code, implement new features, fix bugs and the like. As lead developer, it is my responsibility to direct the project and to coordinate releases with Rob.

It is neither the responsibility of a developer nor a lead developer nor a maintainer to tend to the security of our users' computers. That's the responsibility of the users. Yes, it would certainly be easier for the users to do this if we made a release containing the necessary fixes. However, running `patch` is not really all that difficult in itself. People who complain that we have not made an official release containing the fixes they are not willing to apply themselves are leeching off the community; taking advantage of what the rest of us provide without giving anything back themselves.

As lead developer, however, it is indeed one of my responsibilities to take charge and attempt to communicate to the entire community. I have just updated the website to inform users of the security vulnerabilities. As for 0.76, however, it's not yet finished. Hopefully it will be finished within the week and will then be released after a short string freeze next week.

You probably all disagree with tons of things I just said.

-s.