Question About Becoming LSB Certified..?!

Theodore Ts'o tytso at mit.edu
Fri Aug 16 21:03:16 PDT 2002 

On Sat, Aug 17, 2002 at 12:16:38PM +1000, Glenn McGrath wrote:
> The Free software movement wouldnt exist if people wernt prepared to work
> without financial gain, you seem to be implying that although the free
> software community is capable of producing huge amounts of Free code, we
> arent capable, or trustworthy enough to run an automated test to test our
> (other each others) software.

There is more people in the world than just the "free software
community", and not all of them are benign?  Remember LinuxONE?

What if Microsoft were to produce a Linux distribution that almost,
but not quite, compliant?  And suppose they claimed they were
compliant?  How do you prove otherwise?  And how do you stop them from
using the certification mark?

You ever heard of "embrace, extend, and extinguish", before?  It's not
like Microsoft has never tried this before, with, say Java, after
all....

That's the reason why the certification program is there, and why the
logo is protected by service marks, and why a third party is necessary
in order to certify the tests before allowing use of the logo.  *You*
may be trustworthy, and *I* may be trustworthy, but not everyone out
there is trustworthy, and claiming to be part of the "free software
community" does not make someone automatically trustworthy.

The reality is that if for most free software projects, the
certification logo isn't going to be particularly interesting.  If
you're part of the community that will blindly download software from
a web site, compile, it, and install it as root without doing any kind
of checks for trojan horses(*) (let alone compliance to test suites),
then you won't care whether or not said small, non-commercial, free
distribution, displays the certification mark or not.  You'll just be
willing to take the assertion that they are compliant (and that they
haven't inserted any trojan horses) on blind faith.

(*) C'mon..... how many people do you think really do a detailed
line-by-line walkthrough of code that they download looking for trojan
horses before they install and run said code, sometimes as root?

The certification logo is for corporate buyers, or people who are
willing to pay money in exchange for knowing that there is someone who
is willing to legally obligated to stand behind their product.  It's
not really for the traditional free software community, as you put it.

						- Ted

More information about the lsb-discuss mailing list