[lsb-discuss] Some thoughts about the recent packaging discussion
alan at lxorguk.ukuu.org.uk
Sun Mar 2 10:50:21 PST 2008
> The sad fact of the matter is that ISV's that have these issues have
> just already told their customers. "Disable SELinux and try again."
And the smart customers are telling them to go **** themselves. Some day
the conduct of ISVs with that attitude will qualify as "gross negligence"
and with my security hat on the sooner the better.
When it comes to sloppy ISV practice then I'm going to work for and with
*the customers*, and where neccessary for good security practice for and
with the people in governments around the world who are today putting
together frameworks to make damn sure software vendors can't keep
escaping product liability.
It's going to happen, it's going to happen soon (in legal terms) and its
going to make the world a much much better place.
The LSB doesn't need sloppy ISVs and to roll over for them, that's the
kind of talk in the early days of Linux that proved completely bogus.
> So these ISV's *are* going to use either their own home-grown
> text/graphical installers, or they will use something like
> Installshield for Java. That's *just* the reality.
Only if you roll over and play pet poodle to them for the most cases.
Java is a difficult case and it is one where we do need a sensible way to
integrate a cross platform solution to installing what is essentially
cross platform code (well 'write once debug everywhere' code at least)
> Unfortunately, no one stepped up to actually implement the silly
> thing; that's what we are proposing to do now.
Fine but keep the LSB out of it. It doesn't yet exist and isn't adopted
so it is totally out of the LSB sphere.
More information about the lsb-discuss