[Discuss] CrowdStrike Fiasco

[richard.pieri at gmail.com (Rich Pieri)]

On Thu, 25 Jul 2024 15:37:27 -0400
Ian Kelling <iank at fsf.org> wrote:

> FSF wrote a blog about this which I really enjoyed
> https://www.fsf.org/news/lets-not-celebrate-crowdstrike-lets-point-to-a-better-way

Just two points about that, and I acknowledge my anti-FSF knee-jerk
reaction here.

First, the aphorism that, "with enough eyes, all bugs are shallow," is
demonstrably wrong. Examples include Heartbleed, Bashdoor (aka
Shellshock), Log4Shell, and the recent regesSSHion bug. Quantity is not
a substitute for quality.

Second, where the article calls out those who accuse the FSF of being
utopian, that's not an accusation. It's a description of the
leadership. To them, a free-as-in-FSF program that does not work is
superior to a proprietary program which is proven reliable. If the
free-as-in-FSF software isn't at least as good[*] as the proprietary
software it's trying to mimic or replace then it's never going to gain
significant traction.

[*] Where "good" subsumes many factors including functionality,
suitability for purpose, and vendor support.

-- 
\m/ (--) \m/