Stefano Zacchiroli

Stefano Zacchiroli at

[ reposting, hoping this time the URL will be publicly accessible ]

I think replying along those lines is falling into a trap.

In a strictly technical sense, Free Software is not *necessarily* better than proprietary software. Arguing against those who claim "see, I told you, Free Software isn't better" is validating the assumption that the whole point of Free Software is being technically better. Arguably, that claim has been part for a very long time of the *Open Source* (!= Free Software for the purpose of my mini-rant here :-)) folklore, and I have always thought that it was a mistake to try to "sell" Free Software that way.
An excellent take on this specific point, way better than mine here, can be found in Mako's essay «When Free Software isn't (practically) better» http://www.gnu.org/philosophy/when_free_software_isnt_practically_better.html

Free Software is better because it gives user Freedoms. And that is true no matter how many outstanding security bugs exist in the wild. And no matter how many of them will be exploited for doing evil.

Granted, *some* of those freedoms are useful in fighting security bugs and, all other conditions being equal, they give practical advantages over proprietary software. But, unfortunately, those "other conditions" are rarely equal so it is hard to do side-by-side comparisons.

What we need to answer to analogies between heartbleed and alleged failure in the Free Software model is:

1) it would've been worse if OpenSSL wasn't Free Software. And in fact maybe it *is* worse, in the sense that bugs as severe as heartbleed might exist today in critical proprietary software, and we have no way of knowing

2) *shrug*

and move on.

johns, Nicola Busanello, Benjamin Cook, lnxwalt@microca.st and 7 others likes this.

Indeed, it's fortunate that the servers we connect to run free software... at least if flawed proprietary clients connect to them, us free software users aren't affected... if IIS was the norm, we'd be in far way more trouble.

Olivier Berger at 2014-04-13T12:58:02Z

Well.. we can't do a side-by-side comparison because one side is a blackbox with no verifiability or reproducability. So the whole debate is a little surreal. I do think it is important to emphasize that each side is using a different definition of security as well. Only the free software side provides security including security against the software distributor.

johns at 2014-04-14T02:16:14Z

Nicola Busanello, Stefano Zacchiroli, sazius, Christopher Allan Webber likes this.

proprietary software contains back doors. how often do they get closed?

Andrew E at 2014-04-14T02:26:25Z