Re: [debian-knoppix] Open accounting and Open source

On Sun, Apr 27, 2003 at 12:26:56AM -0400, Gilles Pelletier wrote:
> Recently I expressed concern about Knoppix's security because, since
> it's based on testing and unstable, security fixes often come out
> late. I was told that such was the deal: either you go into the pains
> of installing Debian and you have a secure system or you install
> Knoppix and you your system is... well, not so secure.
>
> Of course, if one intends to use Knoppix for the purpose it was
> designed -- i.e. as a Live-CD to pick up mail on a trip or to fix a
> broken down computer, etc. -- security is no concern. But since I had
> the project to offer people to install Knoppix on their computer for
> daily use, I've since had the worried times blues. Isn't there a way
> around this that would benefit both Knoppix and Debian?
>
> Some people have already asked Klaus -- well, I certainly did -- if
> there was a way they could financially contribute to Knoppix. Klaus
> answered that the best way was to send the money to Debian. I don't
> agree with this.
>
> Debian already receives some money though a company they've set up
> called "Software in the Public Interest, Inc." It seems to cather not
> only to Debian, but also to Fresco, GNOME -- GNOME, hear this
> Klaus!!!! :) -- LSB, OFTC, Open Source (.org) and GNU TeXmacs. How
> much, in what proportion, God knows.

SPI is not a company, but a non-profit organization as it's stated at
spi-inc.org main page.

If your donation is earmarked for Debian, all the money goes to
Debian. Anyway, I have CC'ed spi-general list so proper people can
answer you this better (Branden?)

> What we do know is that, though Debian has hundreds of developpers, it
> seems none of them found that devising a decent installation program
> was an endeavour worth undertaking. If Klaus Knopper wasn't born, the
> world would still be stuck with the fucked up Debian script for
> installation.

What's the problem with Debian's installation? It works quite well for
almost all people if you follow default steps. Anyway, FYI, a new
debian-installation system is being worked on. If you feel that Debian
needs a better (I suppose GUI based) installation system, your
contribution is welcomed.

And as I see, Knoppix doesn't "install" but copies a yet installed
system into your hard disk, which is a bit different concept.

>
> Upgrading packages is not a project apt to bring the author's name to
> the forefront. So people prefer to work on HURD or whatever. So I
> doubt that even money sent to Software... Inc. will bring the
> security fixes any faster.

Debian is made by volunteers, which focus on whatever they have
interest on. And people working in security are also volunteers which
have their lifes. If you want, you can contribute yourself or pay some
developers to work in security.

>
> It seems some things at Debian just won't move. During all his
> leadership, Ben Collins has tried to make "ready when it's ready" a
> wee bit earlier. He never succeeded.

Debian releases will be done when they're ready. If you need the new
bleeding edge latest software, you can use testing or unstable.

>
> I understand Klaus wants to keep Knoppix a geeks' project, not a
> business undertaking. He doesn't want to have anything to do with
> finance and end up, as is almost always the case, with his nose in
> the great book instead of in programs. He's competent enough to ask
> good wages and can gather enough money to make a living AND continue
> to have fun with Knoppix.
>
> Still, wouldn't it be great to have somebody paid to bring security
> fixes out asap? Wouldn't it get things moving faster at Debian too?
> Wouldn't this way of contributing to Knoppix also be a contribution
> to Debian worth so much more than sending the money directly?

As I told you, you can pay somebody directly to work on Debian
security fixes. Why is better to direct the money to Knoppix instead?

I'm not against Knoppix receiving money if it needs it and will use it
to improve the system, but I'm trying to show that there are other
ways to make it productive.

--
Jose Carlos Garcia Sogo
jsogo(at)debian(dot)org