Slashdot Mirror


10-Day Patch Guarantee Not Mozilla's Policy

narramissic writes "Mozilla has officially backpedaled from a pledge made at Black Hat by the company's director of ecosystem development, Mike Schaver, to fix any critical security bugs in the browser within 'Ten ****ing Days.' On Friday, Mozilla security chief Window Snyder wrote in a blog posting that the 10-day pledge is not Mozilla's policy, saying 'We do not think security is a game, nor do we issue challenges or ultimatums.' And today, the open source browser maker issued a statement retracting the pledge."

14 of 125 comments

  1. Well at least they are not stupid by infonography · · Score: 4, Insightful

    Making that sort of pledge is rather rash. I am not saying it can't be done, but I don't see it as simple to fix anything anytime.

    Questions you have to ask are:

    Is it really a bug?

    Can it really be reproduced?

    etc etc

    Being timely in bugs is good. But not all crashes are the result of bad software. You have to be sure your fix doesn't turn another thing into a bug. They would soon end up chasing after every little bit of dust and lose sight of their real work.

    --
    Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
  2. Re:Mozilla Corporation becoming truly corporate? by ZachPruckowski · · Score: 4, Insightful

    I don't think that that follows. They've made a few mistakes, and this was one of them. They shouldn't make ultimatums like that. That said, I have a feeling that they'll continue to be a lot more responsive on the patching front than Microsoft, and I think that the point has been made, even if they won't stick to a set time-line.

    The Debian thing is not a strike against Mozilla. Their stance is correct and clear. You can't have someone else using your trademark to cover something that they are supporting. If the Debian team introduces a bug or something into their build of Firefox, Mozilla's brand will suffer. That's why Mozilla wanted Debian to rebrand it.

  3. Re:Mozilla Corporation becoming truly corporate? by Anonymous Coward · · Score: 0, Insightful

    Mozilla is Google. They're on the Google campus, they eat in the Google cafeteria, they get money from Google. The Firefox Corporation is just a subsidiary of Google. Firefox is the once-rumored Google Browser.

  4. Easy solution... by Actually,+I+do+RTFA · · Score: 4, Insightful

    My mayor ran on the promise of "fixing any pothole within 24 hours of discovery." Of course the roads are still filled with potholes. Turns out, it was 24 hours of any confirmed pothole, which is trivially easy as the pothole confirmation team is as slow/backed up as the pothole filling team.

    --
    Your ad here. Ask me how!
    1. Re:Easy solution... by Anonymous Coward · · Score: 2, Insightful

      Most of the comments come from stoned or drunk coders really. You can't be in a sane state of mind to think that posting to slashdot is a good idea.

  5. Mozilla is not Microsoft, they'll do their best by Locutus · · Score: 4, Insightful

    to hold up to the 10-day pledge but in the end, if something major holds back a fix, are we all going to bash them for missing the 10-day pledge? I doubt it. After all, we are not talking about Microsoft. These people are trying to do the best job possible and don't have to consider how the browser fix would interfere with some freak'n gumball machine driver that has IE code in it.

    But she's right in that they really shouldn't be making statements like that without having discussed this with their team and doing so could be considered a challenge to others. Not something you want to do with a company willing to pay billions just to purchase marketshare let alone how much they'd be willing to put into ads and other FUD should a fix take 241 hours.

    LoB

    --
    "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
  6. Re:Mozilla Corporation becoming truly corporate? by Anonymous Coward · · Score: 1, Insightful

    Finally, someone explains it as it is. I'm so tired of Mozilla fanboys who do not understand the situation. Thanks.

  7. Re:Mozilla Corporation becoming truly corporate? by tm2b · · Score: 3, Insightful

    These days, it feels to me as if Mozilla is starting to blend into the corporation scene just like any other evil corporation
    Somehow you edited out the rest of this sentence. Here, I'll fix it for you:

    These days, it feels to me as if Mozilla is starting to blend into the corporation scene just like any other evil corporation who gives away their source code for free.
    HTH. HAND.
    --
    "It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
  8. Re:It's Shaver by kent_eh · · Score: 2, Insightful

    I'm surprised that someone actually took something said at a party (even by someone in such a high position) as official policy.

    If he'd said it during a keynote speech, sure, but at a party?

    --

    ---
    "I can't complain, but sometimes still do..." Joe Walsh
  9. Re:Mozilla Corporation becoming truly corporate? by iminplaya · · Score: 5, Insightful

    Once Konqueror gets a Windows build, it's game-over for Firefox. It's a better browser - it just hasn't, until recently, run on Windows.

    I happen to agree it's a much better browser, and a very good file manager, among other things, BUT there's nothing to make me think that once it becomes popular enough, the exact same thing won't happen to it. Popular software gets sucked into the corporate venus fly trap faster than a trailer park gets sucked into a tornado. The nice thing about all this open source though, is that nobody can claim exclusivity. We can always make something similar, a little bit better, and put a different name on it. I was under the impression that's the idea behind GPL and BSD and Creative Commons, etc. to begin with. So we can simply forget about the guy who takes a wrong turn, instead of following him over the cliff.

    --
    What?
  10. Well Doh' by rdebath · · Score: 3, Insightful

    The stupid thing is it is a statement of policy, it's just that it's not in marketing speak.
    If your brother says something like that you know you'll get either that or a good excuse. The good excuse is always an unwritten option, it's just with professional liars that you have to tie them to every single written word because trying to pin them to a statement is like trying to pin live eels!

  11. Re:It's Shaver by plague3106 · · Score: 1, Insightful

    Yet if this was done by some MS employee I'm sure /. would be bashing away.

  12. Re:So... eleven days? by iapetus · · Score: 3, Insightful

    This is a step in the right direction, though. Guaranteeing to fix a future bug that you know nothing about in ten days is just plain insanity. While it's a nice pledge from a marketing viewpoint, developers realise that it's just a lie.

    --
    ++ Say to Elrond "Hello.".
    Elrond says "No.". Elrond gives you some lunch.
  13. Re:Mozilla Corporation becoming truly corporate? by trifish · · Score: 3, Insightful

    The thing is, if you allow different products from different sources to be publicly distributed under a single trademarked name, the trademark becomes diluted and can be declared invalid (by court, trademark dispute board, etc.) That's what the law says, there's not much you can do about it.

    BTW, that's why the "Linux" trademark wouldn't survive a test in court now. It doesn't identify a single product from a single source. It's diluted and invalid.